Weekly Vulnerabilities Reports > March 9 to 15, 2009
Overview
88 new vulnerabilities were reported during this period, including 11 critical vulnerabilities and 27 high severity vulnerabilities. This weekly summary reports vulnerabilities in 96 products from 65 vendors including Microsoft, SUN, Typo3, IBM, and Stewart Howe. Notable vulnerability categories include "SQL Injection", "Cross-site Scripting", "Improper Input Validation", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Resource Management Errors".
- 80 reported vulnerabilities are remotely exploitable.
- 25 reported vulnerabilities have a public exploit available.
- 45 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 83 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 10 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
11 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-03-11 | CVE-2008-4563 | Microsoft IBM | Buffer Errors vulnerability in IBM products Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the daemon (dsmsvc.exe) in the backup server in IBM Tivoli Storage Manager (TSM) Express 5.3.7.3 and earlier and TSM 5.2, 5.3 before 5.3.6.0, and 5.4.0.0 through 5.4.4.0, allows remote attackers to execute arbitrary code via a crafted length value. | 10.0 |
2009-03-10 | CVE-2009-0869 | IBM Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Tivoli Storage Manager HSM Buffer overflow in the client in IBM Tivoli Storage Manager (TSM) HSM 5.3.2.0 through 5.3.5.0, 5.4.0.0 through 5.4.2.5, and 5.5.0.0 through 5.5.1.4 on Windows allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors. | 10.0 |
2009-03-10 | CVE-2009-0837 | Foxit | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Foxit Reader 3.0 Stack-based buffer overflow in Foxit Reader 3.0 before Build 1506, including 1120 and 1301, allows remote attackers to execute arbitrary code via a long (1) relative path or (2) absolute path in the filename argument in an action, as demonstrated by the "Open/Execute a file" action. | 10.0 |
2009-03-10 | CVE-2009-0836 | Foxitsoftware | Buffer Errors vulnerability in Foxitsoftware Reader 2.3/3.0 Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 1120 and 1301, does not require user confirmation before performing dangerous actions defined in a PDF file, which allows remote attackers to execute arbitrary programs and have unspecified other impact via a crafted file, as demonstrated by the "Open/Execute a file" action. | 10.0 |
2009-03-09 | CVE-2008-6444 | Baidu | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Baidu HI Stack-based buffer overflow in CSTransfer.dll in Baidu Hi IM might allow remote attackers to execute arbitrary code via a crafted packet, probably related to an improper length value. | 10.0 |
2009-03-12 | CVE-2009-0885 | Mediacommands | Buffer Errors vulnerability in Mediacommands Media Commands 1.0 Multiple heap-based buffer overflows in Media Commands 1.0 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in a (1) M3U, (2) M3l, (3) TXT, and (4) LRC playlist file. | 9.3 |
2009-03-10 | CVE-2009-0191 | Foxitsoftware | Code Injection vulnerability in Foxitsoftware Foxit Reader 2.3/3.0/3.0.2009.1301 Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 3.0.2009.1301, does not properly handle a JBIG2 symbol dictionary segment with zero new symbols, which allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a dereference of an uninitialized memory location. | 9.3 |
2009-03-09 | CVE-2008-6447 | Quiksoft | Buffer Errors vulnerability in Quiksoft Easymail Mailstore Object 6.5.0.3 Buffer overflow in emmailstore.dll 6.5.0.3 in the QuikSoft EasyMail MailStore ActiveX control allows remote attackers to execute arbitrary code via a long first argument to the CreateStore method. | 9.3 |
2009-03-09 | CVE-2008-6441 | Epicgames | USE of Externally-Controlled Format String vulnerability in Epicgames Unreal Engine 2/2.5/3 Format string vulnerability in the Epic Games Unreal engine client, as used in multiple games, allows remote servers to execute arbitrary code via (1) the CLASS parameter in a DLMGR command, (2) a malformed package (PKG), and possibly (3) the LEVEL parameter in a WELCOME command. | 9.3 |
2009-03-12 | CVE-2009-0632 | Cisco | Credentials Management vulnerability in Cisco Unified Communications Manager The IP Phone Personal Address Book (PAB) Synchronizer feature in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.1, 4.2 before 4.2(3)SR4b, 4.3 before 4.3(2)SR1b, 5.x before 5.1(3e), 6.x before 6.1(3), and 7.0 before 7.0(2) sends privileged directory-service account credentials to the client in cleartext, which allows remote attackers to modify the CUCM configuration and perform other privileged actions by intercepting these credentials, and then using them in requests unrelated to the intended synchronization task, as demonstrated by (1) DC Directory account credentials in CUCM 4.x and (2) TabSyncSysUser account credentials in CUCM 5.x through 7.x. | 9.0 |
2009-03-10 | CVE-2008-3547 | Openttd | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Openttd Buffer overflow in the server in OpenTTD 0.6.1 and earlier allows remote authenticated users to cause a denial of service (persistent game disruption) or possibly execute arbitrary code via vectors involving many long names for "companies and clients." | 9.0 |
27 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-03-10 | CVE-2009-0865 | Geovision | Path Traversal vulnerability in Geovision Livex Activex Control 8.1.2.0/8.2.0.0 Directory traversal vulnerability in the SnapShotToFile method in the GeoVision LiveX (aka LiveX_v8200) ActiveX control 8.1.2 and 8.2.0 in LIVEX_~1.OCX allows remote attackers to create or overwrite arbitrary files via a .. | 8.8 |
2009-03-13 | CVE-2008-6471 | Mountaingrafix | SQL Injection vulnerability in Mountaingrafix Easylink 1.1.0 SQL injection vulnerability in detail.php in MountainGrafix easyLink 1.1.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter in a show action. | 7.5 |
2009-03-13 | CVE-2008-6469 | Plaincart | SQL Injection vulnerability in Plaincart 1.1.2 SQL injection vulnerability in index.php in PlainCart 1.1.2 allows remote attackers to execute arbitrary SQL commands via the p parameter. | 7.5 |
2009-03-13 | CVE-2008-6468 | Dieselscripts | SQL Injection vulnerability in Dieselscripts Diesel PAY SQL injection vulnerability in index.php in Diesel Pay allows remote attackers to execute arbitrary SQL commands via the area parameter in a browse action. | 7.5 |
2009-03-13 | CVE-2008-6467 | Dieselscripts | SQL Injection vulnerability in Dieselscripts Diesel JOB Site SQL injection vulnerability in jobs/jobseekers/job-info.php in Diesel Job Site allows remote attackers to execute arbitrary SQL commands via the job_id parameter. | 7.5 |
2009-03-13 | CVE-2008-6466 | E107 Akirapowered | SQL Injection vulnerability in Akirapowered Image Gallery 0.9.6.2 SQL injection vulnerability in image_gallery.php in the Akira Powered Image Gallery (image_gallery) plugin 0.9.6.2 for e107 allows remote attackers to execute arbitrary SQL commands via the image parameter in an image-detail action. | 7.5 |
2009-03-13 | CVE-2008-6464 | Mevin | SQL Injection vulnerability in Mevin Basic-PHP-Events-Lister 1.0 SQL injection vulnerability in event.php in Mevin Productions Basic PHP Events Lister 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2009-03-13 | CVE-2008-6463 | Typo3 FR Simon Rundell | SQL Injection vulnerability in Fr.Simon Rundell PD Churchsearch SQL injection vulnerability in the Diocese of Portsmouth Church Search (pd_churchsearch) extension before 0.1.1, and 0.2.10 and earlier 0.2.x versions, an extension for TYPO3, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2009-03-13 | CVE-2008-6462 | Kurt Gusbeth Typo3 | SQL Injection vulnerability in Kurt Gusbeth Myquizpoll 0.1.1/0.1.2/0.1.3 SQL injection vulnerability in the My quiz and poll (myquizpoll) extension before 0.1.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2009-03-13 | CVE-2008-6461 | Typo3 FR Simon Rundell | SQL Injection vulnerability in Fr.Simon Rundell STE Prayer2 SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) extension before 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2009-03-13 | CVE-2008-6460 | Typo3 Mirko Werner | SQL Injection vulnerability in Mirko Werner MW Random Objects SQL injection vulnerability in the Simple Random Objects (mw_random_objects) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2009-03-13 | CVE-2008-6459 | Typo3 | SQL Injection vulnerability in Typo3 Autobeuser SQL injection vulnerability in the auto BE User Registration (autobeuser) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2009-03-13 | CVE-2008-6458 | Typo3 Dieter Mayer | SQL Injection vulnerability in Dieter Mayer FE Address Edit SQL injection vulnerability in the FE address edit for tt_address & direct mail (dmaddredit) extension 0.4.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2009-03-13 | CVE-2008-6457 | Walnutstreet Typo3 | SQL Injection vulnerability in Walnutstreet Cgswigmore 0.1.0 SQL injection vulnerability in the Swigmore institute (cgswigmore) extension before 0.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2009-03-13 | CVE-2008-6456 | Martin Helmich Typo3 | SQL Injection vulnerability in Martin Helmich Hbook SQL injection vulnerability in the HBook (h_book) extension 2.3.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2009-03-13 | CVE-2008-6454 | 6Rbscript | SQL Injection vulnerability in 6Rbscript 3.3 SQL injection vulnerability in section.php in 6rbScript 3.3 allows remote attackers to execute arbitrary SQL commands via the singerid parameter in a singers action. | 7.5 |
2009-03-13 | CVE-2008-6452 | Oceandir | SQL Injection vulnerability in Oceandir SQL injection vulnerability in show_vote.php in Oceandir 2.9 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2009-03-13 | CVE-2008-6451 | Jportal | SQL Injection vulnerability in Jportal 2 SQL injection vulnerability in humor.php in jPORTAL 2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2009-03-12 | CVE-2009-0882 | Roman Bogorodskiy | SQL Injection vulnerability in Roman Bogorodskiy Nforum 1.5 Multiple SQL injection vulnerabilities in nForum 1.5 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to showtheme.php and the (2) user parameter to userinfo.php. | 7.5 |
2009-03-12 | CVE-2009-0881 | Josema Enzo | SQL Injection vulnerability in Josema Enzo Isiajax 1 SQL injection vulnerability in ejemplo/paises.php in isiAJAX 1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2009-03-10 | CVE-2009-0864 | Matteoiammarrone | Improper Authentication vulnerability in Matteoiammarrone S-Cms 1.1 S-Cms 1.1 Stable allows remote attackers to bypass authentication and obtain administrative access via an OK value for the login cookie. | 7.5 |
2009-03-10 | CVE-2009-0863 | Matteoiammarrone | SQL Injection vulnerability in Matteoiammarrone S-Cms 1.1 SQL injection vulnerability in admin/delete_page.php in S-Cms 1.1 Stable allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2009-03-09 | CVE-2009-0825 | Torben Sorensen | SQL Injection vulnerability in Torben Sorensen Tinx/Cms 3.0 SQL injection vulnerability in system/rss.php in TinX/cms 3.x before 3.5.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2009-03-09 | CVE-2008-6446 | Geniuscyber | Code Injection vulnerability in Geniuscyber Maxsite Static code injection vulnerability in the Guestbook component in CMS MAXSITE allows remote attackers to inject arbitrary PHP code into the guestbook via the message parameter. | 7.5 |
2009-03-09 | CVE-2008-6445 | Yourplace | Improper Authentication vulnerability in Yourplace Unspecified vulnerability in YourPlace before 1.0.1 has unknown impact and attack vectors, possibly related to improper authentication and the ability to upload arbitrary PHP code. | 7.5 |
2009-03-09 | CVE-2008-6443 | Phpkf | SQL Injection vulnerability in PHPkf SQL injection vulnerability in forum_duzen.php in phpKF allows remote attackers to execute arbitrary SQL commands via the fno parameter. | 7.5 |
2009-03-11 | CVE-2009-0712 | HP | Unspecified vulnerability in HP WMI Mapper Unspecified vulnerability in WMI Mapper for HP Systems Insight Manager before 2.5.2.0 allows local users to gain privileges via unknown vectors. | 7.2 |
48 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-03-12 | CVE-2009-0876 | SUN Linux | Link Following vulnerability in SUN XVM Virtualbox Sun xVM VirtualBox 2.0.0, 2.0.2, 2.0.4, 2.0.6r39760, 2.1.0, 2.1.2, and 2.1.4r42893 on Linux allows local users to gain privileges via a hardlink attack, which preserves setuid/setgid bits on Linux, related to DT_RPATH:$ORIGIN. | 6.9 |
2009-03-12 | CVE-2009-0875 | SUN | Race Condition vulnerability in SUN Opensolaris and Solaris Race condition in the Doors subsystem in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_94, allows local users to cause a denial of service (process hang), or possibly bypass file permissions or gain kernel-context privileges, via vectors involving the time at which control is transferred from a caller to a door server. | 6.9 |
2009-03-11 | CVE-2009-0854 | Dash | OS Command Injection vulnerability in Dash 0.5.4 Untrusted search path vulnerability in dash 0.5.4, when used as a login shell, allows local users to execute arbitrary code via a Trojan horse .profile file in the current working directory. | 6.9 |
2009-03-13 | CVE-2008-6455 | Edikon | Improper Authentication vulnerability in Edikon PHPshop 0.8.1 Session fixation vulnerability in Edikon phpShop 0.8.1 allows remote attackers to hijack web sessions via unspecified vectors. | 6.8 |
2009-03-12 | CVE-2009-0883 | Amunak | SQL Injection vulnerability in Amunak Blue EYE CMS 1.0.0 SQL injection vulnerability in Blue Eye CMS 1.0.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the BlueEyeCMS_login cookie parameter. | 6.8 |
2009-03-12 | CVE-2009-0880 | IBM Microsoft | Path Traversal vulnerability in IBM Director Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a .. | 6.8 |
2009-03-11 | CVE-2009-0873 | SUN | Permissions, Privileges, and Access Controls vulnerability in SUN Opensolaris, Solaris and Sunos The NFS daemon (aka nfsd) in Sun Solaris 10 and OpenSolaris before snv_106, when NFSv3 is used, does not properly implement combinations of security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the sec=sys and sec=krb5 security modes, related to modes that "override each other." | 6.8 |
2009-03-11 | CVE-2009-0872 | SUN | Permissions, Privileges, and Access Controls vulnerability in SUN Opensolaris and Solaris The NFS server in Sun Solaris 10, and OpenSolaris before snv_111, does not properly implement the AUTH_NONE (aka sec=none) security mode in combination with other security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the AUTH_NONE and AUTH_SYS security modes. | 6.8 |
2009-03-10 | CVE-2009-0868 | Fujitsu Microsoft SUN | Improper Input Validation vulnerability in Fujitsu Jasmine2000 CRLF injection vulnerability in the WebLink template in Fujitsu Jasmine2000 Enterprise Edition allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | 6.8 |
2009-03-09 | CVE-2009-0853 | Stewart Howe | Improper Authentication vulnerability in Stewart Howe Celerbb 0.0.2 login.php in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allows remote attackers to bypass authentication and obtain administrative access via special characters in the Username parameter, as demonstrated by an admin'# parameter value. | 6.8 |
2009-03-09 | CVE-2009-0851 | Stewart Howe | SQL Injection vulnerability in Stewart Howe Celerbb 0.0.2 Multiple SQL injection vulnerabilities in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewforum.php and (2) viewtopic.php. | 6.8 |
2009-03-11 | CVE-2009-0234 | Microsoft | Improper Input Validation vulnerability in Microsoft products The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transaction IDs and poison caches by sending many crafted DNS queries that trigger "unnecessary lookups," aka "DNS Server Response Validation Vulnerability." | 6.4 |
2009-03-14 | CVE-2009-0582 | Gnome | Improper Input Validation vulnerability in Gnome Evolution-Data-Server 2.25.92 The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount of data in a challenge packet, which allows remote mail servers to read information from the process memory of a client, or cause a denial of service (client crash), via an NTLM authentication type 2 packet with a length value that exceeds the amount of packet data. | 5.8 |
2009-03-11 | CVE-2009-0233 | Microsoft | Improper Input Validation vulnerability in Microsoft products The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which makes it easier for remote attackers to predict transaction IDs and poison caches by simultaneously sending crafted DNS queries and responses, aka "DNS Server Query Validation Vulnerability." | 5.8 |
2009-03-09 | CVE-2009-0858 | D J Bernstein | Improper Input Validation vulnerability in D.J.Bernstein Djbdns The response_addname function in response.c in Daniel J. | 5.8 |
2009-03-09 | CVE-2008-6442 | Sina | Unspecified vulnerability in Sina Dloader Insecure method vulnerability in Sina Inc. | 5.8 |
2009-03-11 | CVE-2009-0094 | Microsoft | Unspecified vulnerability in Microsoft products The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the (1) "wpad" and (2) "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) features, and conduct man-in-the-middle attacks by spoofing a proxy server or ISATAP route, by registering one of these names in the WINS database, aka "WPAD WINS Server Registration Vulnerability," a related issue to CVE-2007-1692. | 5.5 |
2009-03-14 | CVE-2009-0016 | Apple Microsoft | Improper Input Validation vulnerability in Apple Itunes Apple iTunes before 8.1 on Windows allows remote attackers to cause a denial of service (infinite loop) via a Digital Audio Access Protocol (DAAP) message with a crafted Content-Length header. | 5.0 |
2009-03-13 | CVE-2008-6470 | Clansphere | Information Disclosure vulnerability in ClanSphere Multiple unspecified vulnerabilities in ClanSphere before 2008.2.1 allow remote attackers to obtain sensitive information, and possibly have unknown other impact, via vectors related to "javascript insert" and the (1) mods/messages/getusers.php and (2) mods/abcode/listimg.php files. | 5.0 |
2009-03-12 | CVE-2009-0886 | Oneorzero | Path Traversal vulnerability in Oneorzero Helpdesk Directory traversal vulnerability in login.php in OneOrZero Helpdesk 1.6.5.7 and earlier allows remote attackers to read arbitrary files via a .. | 5.0 |
2009-03-12 | CVE-2009-0879 | IBM Microsoft | Improper Input Validation vulnerability in IBM Director The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI. | 5.0 |
2009-03-12 | CVE-2009-0878 | Wesnoth | Resource Management Errors vulnerability in Wesnoth The read_game_map function in src/terrain_translation.cpp in Wesnoth before r32987 allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a map with a large (1) width or (2) height. | 5.0 |
2009-03-11 | CVE-2009-0713 | HP | Unspecified vulnerability in HP Systems Insight Manager Unspecified vulnerability in WMI Mapper for HP Systems Insight Manager before 2.5.2.0 allows remote attackers to obtain sensitive information via unknown vectors. | 5.0 |
2009-03-10 | CVE-2009-0867 | Fujitsu | Information Exposure vulnerability in Fujitsu Enhanced Support Facility 3.0/3.0.1 The HRM-S service in Fujitsu Enhanced Support Facility 3.0 and 3.0.1 allows remote attackers to obtain (1) hardware and (2) software information via unspecified requests in a client connection. | 5.0 |
2009-03-10 | CVE-2009-0866 | Phnews | Permissions, Privileges, and Access Controls vulnerability in Phnews 1 pHNews Alpha 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for extra/genbackup.php. | 5.0 |
2009-03-09 | CVE-2009-0027 | Redhat | Improper Input Validation vulnerability in Redhat Jboss Enterprise Application Platform 4.2.0/4.3.0 The request handler in JBossWS in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remote attackers to read arbitrary XML files via a crafted request. | 5.0 |
2009-03-09 | CVE-2009-0852 | Stewart Howe | Information Exposure vulnerability in Stewart Howe Celerbb 0.0.2 showme.php in CelerBB 0.0.2 allows remote attackers to obtain "reserved information" via the user parameter. | 5.0 |
2009-03-14 | CVE-2009-0824 | Slysoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Slysoft products Elaborate Bytes ElbyCDIO.sys 6.0.2.0 and earlier, as distributed in SlySoft AnyDVD before 6.5.2.6, Virtual CloneDrive 5.4.2.3 and earlier, CloneDVD 2.9.2.0 and earlier, and CloneCD 5.3.1.3 and earlier, uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to cause a denial of service (system crash) via a crafted IOCTL call. | 4.9 |
2009-03-12 | CVE-2009-0874 | SUN | Resource Management Errors vulnerability in SUN Opensolaris and Solaris Multiple unspecified vulnerabilities in the Doors subsystem in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_94, allow local users to cause a denial of service (process hang), or possibly bypass file permissions or gain kernel-context privileges, via vectors including ones related to (1) an argument handling deadlock in a door server and (2) watchpoint problems in the door_call function. | 4.9 |
2009-03-10 | CVE-2009-0870 | SUN | Resource Management Errors vulnerability in SUN Opensolaris and Solaris The NFSv4 Server module in the kernel in Sun Solaris 10, and OpenSolaris before snv_111, allow local users to cause a denial of service (infinite loop and system hang) by accessing an hsfs filesystem that is shared through NFSv4, related to the rfs4_op_readdir function. | 4.7 |
2009-03-11 | CVE-2009-0848 | Opensuse | OS Command Injection vulnerability in Opensuse 11.0/11.1 Untrusted search path vulnerability in GTK2 in OpenSUSE 11.0 and 11.1 allows local users to execute arbitrary code via a Trojan horse GTK module in an unspecified "relative search path." | 4.4 |
2009-03-14 | CVE-2009-0143 | Apple | Information Exposure vulnerability in Apple Itunes Apple iTunes before 8.1 does not properly inform the user about the origin of an authentication request, which makes it easier for remote podcast servers to trick a user into providing a username and password when subscribing to a crafted podcast. | 4.3 |
2009-03-14 | CVE-2008-6472 | Wireshark | Resource Management Errors vulnerability in Wireshark The WLCCP dissector in Wireshark 0.99.7 through 1.0.4 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors. | 4.3 |
2009-03-13 | CVE-2008-6465 | Parallels | Cross-Site Scripting vulnerability in Parallels H-Sphere 3.0.0/3.1 Multiple cross-site scripting (XSS) vulnerabilities in login.php in webshell4 in Parallels H-Sphere 3.0.0 P9 and 3.1 P1 allow remote attackers to inject arbitrary web script or HTML via the (1) err, (2) errorcode, and (3) login parameters. | 4.3 |
2009-03-13 | CVE-2008-6453 | 6Rbscript | Path Traversal vulnerability in 6Rbscript 3.3 Directory traversal vulnerability in section.php in 6rbScript 3.3, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. | 4.3 |
2009-03-12 | CVE-2009-0884 | Filezilla Project | Classic Buffer Overflow vulnerability in Filezilla-Project Filezilla Server Buffer overflow in FileZilla Server before 0.9.31 allows remote attackers to cause a denial of service via unspecified vectors related to SSL/TLS packets. | 4.3 |
2009-03-12 | CVE-2009-0877 | SUN | Cross-Site Scripting vulnerability in SUN Java System Communications Express Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express allow remote attackers to inject arbitrary web script or HTML via the (1) Full Name or (2) Subject field. | 4.3 |
2009-03-12 | CVE-2009-0366 | Wesnoth | Resource Management Errors vulnerability in Wesnoth The uncompress_buffer function in src/server/simple_wml.cpp in Wesnoth before r33069 allows remote attackers to cause a denial of service via a large compressed WML document. | 4.3 |
2009-03-11 | CVE-2009-0660 | Mahara | Cross-Site Scripting vulnerability in Mahara Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.10 and 1.1 before 1.1.2 allow remote attackers to inject arbitrary web script or HTML via a (1) profile and (2) blog, a different vulnerability than CVE-2009-0487. | 4.3 |
2009-03-10 | CVE-2009-0862 | Tangocms | Cross-Site Scripting vulnerability in Tangocms Cross-site scripting (XSS) vulnerability in the hook_cntrlr_error_output function in modules/page/hooks/listeners.php in the admincp component in TangoCMS 2.2.x (aka Eagle) before 2.2.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-03-10 | CVE-2009-0861 | Denorastats | Cross-Site Scripting vulnerability in Denorastats PHPdenora Cross-site scripting (XSS) vulnerability in phpDenora before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via an IRC channel name. | 4.3 |
2009-03-10 | CVE-2009-0860 | Netcordia | Cross-Site Scripting vulnerability in Netcordia Netmri Cross-site scripting (XSS) vulnerability in the web user interface in the login application in NetMRI 3.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to error pages. | 4.3 |
2009-03-09 | CVE-2009-0857 | SUN | Cross-Site Scripting vulnerability in SUN Management Center 3.6.1/4.0 Cross-site scripting (XSS) vulnerability in /prm/reports in the Performance Reporting Module (PRM) for Sun Management Center (SunMC) 3.6.1 and 4.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | 4.3 |
2009-03-09 | CVE-2009-0856 | IBM | Cross-Site Scripting vulnerability in IBM Websphere Application Server Multiple cross-site scripting (XSS) vulnerabilities in sample applications in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, and 6.1 before 6.1.0.23 on z/OS, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-03-09 | CVE-2009-0850 | Bitdefender | Cross-Site Scripting vulnerability in Bitdefender Internet Security 2009 Cross-site scripting (XSS) vulnerability in BitDefender Internet Security 2009 allows user-assisted remote attackers to inject arbitrary web script or HTML via the filename of a virus-infected file, as demonstrated by a filename inside a (1) rar or (2) zip archive file. | 4.3 |
2009-03-09 | CVE-2008-6450 | Under Construction Baby | Cross-Site Scripting vulnerability in Under Construction Baby Pc2M Cross-site scripting (XSS) vulnerability in Under Construction, Baby (UCB) PC2M 0.9.22.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 4.3 |
2009-03-09 | CVE-2008-6448 | Skyarc | Cross-Site Scripting vulnerability in Skyarc Mtcms Wysiwyg Editor Cross-site scripting (XSS) vulnerability in install.cgi in SKYARC System MTCMS WYSIWYG Editor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-03-09 | CVE-2008-6449 | Centurysys | Cross-Site Request Forgery (CSRF) vulnerability in Centurysys products Cross-site request forgery (CSRF) vulnerability in multiple Century Systems routers including XR-410 before 1.6.9, XR-510 before 3.5.3, XR-440 before 1.7.8, and other XR series routers from XR-510 to XR-730 allows remote attackers to modify configuration as the administrator via unknown vectors. | 4.0 |
2 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-03-11 | CVE-2009-0871 | Digium | Improper Input Validation vulnerability in Digium Asterisk The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and 1.4.23.1; 1.6.0 before 1.6.0.6; 1.6.1 before 1.6.1.0-rc2; and Asterisk Business Edition C.2.3, with the pedantic option enabled, allows remote authenticated users to cause a denial of service (crash) via a SIP INVITE request without any headers, which triggers a NULL pointer dereference in the (1) sip_uri_headers_cmp and (2) sip_uri_params_cmp functions. | 3.5 |
2009-03-11 | CVE-2009-0093 | Microsoft | Improper Input Validation vulnerability in Microsoft products Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) feature, and conduct man-in-the-middle attacks by spoofing a proxy server, via a Dynamic Update request for this hostname, aka "DNS Server Vulnerability in WPAD Registration Vulnerability," a related issue to CVE-2007-1692. | 3.5 |