Weekly Vulnerabilities Reports > March 9 to 15, 2009

Overview

103 new vulnerabilities were reported during this period, including 12 critical vulnerabilities and 35 high severity vulnerabilities. This weekly summary reports vulnerabilities in 114 products from 73 vendors including Microsoft, SUN, Typo3, IBM, and Linux. Vulnerabilities are notably categorized as "SQL Injection", "Improper Input Validation", "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Numeric Errors".

  • 89 reported vulnerabilities are remotely exploitable.
  • 26 reported vulnerabilities have a public exploit available.
  • 48 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 97 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities (17).
  • Microsoft has the most reported critical vulnerabilities (3).

[Chart: vulnerability counts by total, critical risk, high risk, medium risk, low risk, remotely exploitable, locally exploitable, exploit available, exploitable anonymously, and affecting web application]

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:


12 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-03-11 CVE-2008-4563 Microsoft, IBM Buffer Errors vulnerability in IBM products

Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the daemon (dsmsvc.exe) in the backup server in IBM Tivoli Storage Manager (TSM) Express 5.3.7.3 and earlier and TSM 5.2, 5.3 before 5.3.6.0, and 5.4.0.0 through 5.4.4.0, allows remote attackers to execute arbitrary code via a crafted length value.

10.0
2009-03-10 CVE-2009-0869 IBM, Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Tivoli Storage Manager HSM

Buffer overflow in the client in IBM Tivoli Storage Manager (TSM) HSM 5.3.2.0 through 5.3.5.0, 5.4.0.0 through 5.4.2.5, and 5.5.0.0 through 5.5.1.4 on Windows allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors.

10.0
2009-03-10 CVE-2009-0837 Foxit Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Foxit Reader 3.0

Stack-based buffer overflow in Foxit Reader 3.0 before Build 1506, including 1120 and 1301, allows remote attackers to execute arbitrary code via a long (1) relative path or (2) absolute path in the filename argument in an action, as demonstrated by the "Open/Execute a file" action.

10.0
2009-03-10 CVE-2009-0836 Foxitsoftware Buffer Errors vulnerability in Foxitsoftware Reader 2.3/3.0

Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 1120 and 1301, does not require user confirmation before performing dangerous actions defined in a PDF file, which allows remote attackers to execute arbitrary programs and have unspecified other impact via a crafted file, as demonstrated by the "Open/Execute a file" action.

10.0
2009-03-09 CVE-2008-6444 Baidu Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Baidu HI

Stack-based buffer overflow in CSTransfer.dll in Baidu Hi IM might allow remote attackers to execute arbitrary code via a crafted packet, probably related to an improper length value.

10.0
2009-03-12 CVE-2009-0885 Mediacommands Buffer Errors vulnerability in Mediacommands Media Commands 1.0

Multiple heap-based buffer overflows in Media Commands 1.0 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in a (1) M3U, (2) M3l, (3) TXT, and (4) LRC playlist file.

9.3
2009-03-10 CVE-2009-0191 Foxitsoftware Code Injection vulnerability in Foxitsoftware Foxit Reader 2.3/3.0/3.0.2009.1301

Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 3.0.2009.1301, does not properly handle a JBIG2 symbol dictionary segment with zero new symbols, which allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a dereference of an uninitialized memory location.

9.3
2009-03-10 CVE-2009-0081 Microsoft Improper Input Validation vulnerability in Microsoft products

The graphics device interface (GDI) implementation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate input received from user mode, which allows remote attackers to execute arbitrary code via a crafted (1) Windows Metafile (aka WMF) or (2) Enhanced Metafile (aka EMF) image file, aka "Windows Kernel Input Validation Vulnerability."

9.3
2009-03-09 CVE-2008-6447 Quiksoft Buffer Errors vulnerability in Quiksoft Easymail Mailstore Object 6.5.0.3

Buffer overflow in emmailstore.dll 6.5.0.3 in the QuikSoft EasyMail MailStore ActiveX control allows remote attackers to execute arbitrary code via a long first argument to the CreateStore method.

9.3
2009-03-09 CVE-2008-6441 Epicgames Use of Externally-Controlled Format String vulnerability in Epicgames Unreal Engine 2/2.5/3

Format string vulnerability in the Epic Games Unreal engine client, as used in multiple games, allows remote servers to execute arbitrary code via (1) the CLASS parameter in a DLMGR command, (2) a malformed package (PKG), and possibly (3) the LEVEL parameter in a WELCOME command.

9.3
2009-03-12 CVE-2009-0632 Cisco Credentials Management vulnerability in Cisco Unified Communications Manager

The IP Phone Personal Address Book (PAB) Synchronizer feature in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.1, 4.2 before 4.2(3)SR4b, 4.3 before 4.3(2)SR1b, 5.x before 5.1(3e), 6.x before 6.1(3), and 7.0 before 7.0(2) sends privileged directory-service account credentials to the client in cleartext, which allows remote attackers to modify the CUCM configuration and perform other privileged actions by intercepting these credentials, and then using them in requests unrelated to the intended synchronization task, as demonstrated by (1) DC Directory account credentials in CUCM 4.x and (2) TabSyncSysUser account credentials in CUCM 5.x through 7.x.

9.0
2009-03-10 CVE-2008-3547 Openttd Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Openttd

Buffer overflow in the server in OpenTTD 0.6.1 and earlier allows remote authenticated users to cause a denial of service (persistent game disruption) or possibly execute arbitrary code via vectors involving many long names for "companies and clients."

9.0

35 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-03-10 CVE-2009-0865 Geovision Path Traversal vulnerability in Geovision Livex Activex Control 8.1.2.0/8.2.0.0

Directory traversal vulnerability in the SnapShotToFile method in the GeoVision LiveX (aka LiveX_v8200) ActiveX control 8.1.2 and 8.2.0 in LIVEX_~1.OCX allows remote attackers to create or overwrite arbitrary files via a ..

8.8
2009-03-14 CVE-2009-0587 GO Evolution Numeric Errors vulnerability in Go-Evolution Evolution-Data-Server

Multiple integer overflows in Evolution Data Server (aka evolution-data-server) before 2.24.5 allow context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation in (1) addressbook/libebook/e-vcard.c in evc or (2) camel/camel-mime-utils.c in libcamel.

7.5
2009-03-14 CVE-2009-0586 Gstreamer Numeric Errors vulnerability in Gstreamer Gst-Plugins-Base

Integer overflow in the gst_vorbis_tag_add_coverart function (gst-libs/gst/tag/gstvorbistag.c) in vorbistag in gst-plugins-base (aka gstreamer-plugins-base) before 0.10.23 in GStreamer allows context-dependent attackers to execute arbitrary code via a crafted COVERART tag that is converted from a base64 representation, which triggers a heap-based buffer overflow.

7.5
2009-03-14 CVE-2009-0585 JOE Shaw Numeric Errors vulnerability in JOE Shaw Libsoup

Integer overflow in the soup_base64_encode function in soup-misc.c in libsoup 2.x.x before 2.2.x, and 2.x before 2.24, allows context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation.

7.5
2009-03-13 CVE-2008-6471 Mountaingrafix SQL Injection vulnerability in Mountaingrafix Easylink 1.1.0

SQL injection vulnerability in detail.php in MountainGrafix easyLink 1.1.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter in a show action.

7.5
2009-03-13 CVE-2008-6469 Plaincart SQL Injection vulnerability in Plaincart 1.1.2

SQL injection vulnerability in index.php in PlainCart 1.1.2 allows remote attackers to execute arbitrary SQL commands via the p parameter.

7.5
2009-03-13 CVE-2008-6468 Dieselscripts SQL Injection vulnerability in Dieselscripts Diesel PAY

SQL injection vulnerability in index.php in Diesel Pay allows remote attackers to execute arbitrary SQL commands via the area parameter in a browse action.

7.5
2009-03-13 CVE-2008-6467 Dieselscripts SQL Injection vulnerability in Dieselscripts Diesel JOB Site

SQL injection vulnerability in jobs/jobseekers/job-info.php in Diesel Job Site allows remote attackers to execute arbitrary SQL commands via the job_id parameter.

7.5
2009-03-13 CVE-2008-6466 E107, Akirapowered SQL Injection vulnerability in Akirapowered Image Gallery 0.9.6.2

SQL injection vulnerability in image_gallery.php in the Akira Powered Image Gallery (image_gallery) plugin 0.9.6.2 for e107 allows remote attackers to execute arbitrary SQL commands via the image parameter in an image-detail action.

7.5
2009-03-13 CVE-2008-6464 Mevin SQL Injection vulnerability in Mevin Basic-PHP-Events-Lister 1.0

SQL injection vulnerability in event.php in Mevin Productions Basic PHP Events Lister 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2009-03-13 CVE-2008-6463 Typo3, FR Simon Rundell SQL Injection vulnerability in Fr.Simon Rundell PD Churchsearch

SQL injection vulnerability in the Diocese of Portsmouth Church Search (pd_churchsearch) extension before 0.1.1, and 0.2.10 and earlier 0.2.x versions, an extension for TYPO3, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2009-03-13 CVE-2008-6462 Kurt Gusbeth, Typo3 SQL Injection vulnerability in Kurt Gusbeth Myquizpoll 0.1.1/0.1.2/0.1.3

SQL injection vulnerability in the My quiz and poll (myquizpoll) extension before 0.1.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2009-03-13 CVE-2008-6461 Typo3, FR Simon Rundell SQL Injection vulnerability in Fr.Simon Rundell STE Prayer2

SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) extension before 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2009-03-13 CVE-2008-6460 Typo3, Mirko Werner SQL Injection vulnerability in Mirko Werner MW Random Objects

SQL injection vulnerability in the Simple Random Objects (mw_random_objects) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2009-03-13 CVE-2008-6459 Typo3 SQL Injection vulnerability in Typo3 Autobeuser

SQL injection vulnerability in the auto BE User Registration (autobeuser) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2009-03-13 CVE-2008-6458 Typo3, Dieter Mayer SQL Injection vulnerability in Dieter Mayer FE Address Edit

SQL injection vulnerability in the FE address edit for tt_address & direct mail (dmaddredit) extension 0.4.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2009-03-13 CVE-2008-6457 Walnutstreet, Typo3 SQL Injection vulnerability in Walnutstreet Cgswigmore 0.1.0

SQL injection vulnerability in the Swigmore institute (cgswigmore) extension before 0.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2009-03-13 CVE-2008-6456 Martin Helmich, Typo3 SQL Injection vulnerability in Martin Helmich Hbook

SQL injection vulnerability in the HBook (h_book) extension 2.3.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2009-03-13 CVE-2008-6454 6Rbscript SQL Injection vulnerability in 6Rbscript 3.3

SQL injection vulnerability in section.php in 6rbScript 3.3 allows remote attackers to execute arbitrary SQL commands via the singerid parameter in a singers action.

7.5
2009-03-13 CVE-2008-6452 Oceandir SQL Injection vulnerability in Oceandir

SQL injection vulnerability in show_vote.php in Oceandir 2.9 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2009-03-13 CVE-2008-6451 Jportal SQL Injection vulnerability in Jportal 2

SQL injection vulnerability in humor.php in jPORTAL 2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2009-03-12 CVE-2009-0882 Roman Bogorodskiy SQL Injection vulnerability in Roman Bogorodskiy Nforum 1.5

Multiple SQL injection vulnerabilities in nForum 1.5 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to showtheme.php and the (2) user parameter to userinfo.php.

7.5
2009-03-12 CVE-2009-0881 Josema Enzo SQL Injection vulnerability in Josema Enzo Isiajax 1

SQL injection vulnerability in ejemplo/paises.php in isiAJAX 1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2009-03-10 CVE-2009-0864 Matteoiammarrone Improper Authentication vulnerability in Matteoiammarrone S-Cms 1.1

S-Cms 1.1 Stable allows remote attackers to bypass authentication and obtain administrative access via an OK value for the login cookie.

7.5
2009-03-10 CVE-2009-0863 Matteoiammarrone SQL Injection vulnerability in Matteoiammarrone S-Cms 1.1

SQL injection vulnerability in admin/delete_page.php in S-Cms 1.1 Stable allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2009-03-09 CVE-2009-0825 Torben Sorensen SQL Injection vulnerability in Torben Sorensen Tinx/Cms 3.0

SQL injection vulnerability in system/rss.php in TinX/cms 3.x before 3.5.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2009-03-09 CVE-2009-0849 Novastor, Linux, Microsoft Buffer Errors vulnerability in Novastor Novanet 12

Stack-based buffer overflow in the DtbClsLogin function in NovaStor NovaNET 12 allows remote attackers to (1) execute arbitrary code on Linux platforms via a long username field during backup domain authentication, related to libnnlindtb.so; or (2) cause a denial of service (daemon crash) on Windows platforms via a long username field during backup domain authentication, related to nnwindtb.dll.

7.5
2009-03-09 CVE-2008-6446 Geniuscyber Code Injection vulnerability in Geniuscyber Maxsite

Static code injection vulnerability in the Guestbook component in CMS MAXSITE allows remote attackers to inject arbitrary PHP code into the guestbook via the message parameter.

7.5
2009-03-09 CVE-2008-6445 Yourplace Improper Authentication vulnerability in Yourplace

Unspecified vulnerability in YourPlace before 1.0.1 has unknown impact and attack vectors, possibly related to improper authentication and the ability to upload arbitrary PHP code.

7.5
2009-03-09 CVE-2008-6443 Phpkf SQL Injection vulnerability in PHPkf

SQL injection vulnerability in forum_duzen.php in phpKF allows remote attackers to execute arbitrary SQL commands via the fno parameter.

7.5
2009-03-11 CVE-2009-0712 HP Unspecified vulnerability in HP WMI Mapper

Unspecified vulnerability in WMI Mapper for HP Systems Insight Manager before 2.5.2.0 allows local users to gain privileges via unknown vectors.

7.2
2009-03-10 CVE-2009-0083 Microsoft Improper Input Validation vulnerability in Microsoft products

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 does not properly handle invalid pointers, which allows local users to gain privileges via an application that triggers use of a crafted pointer, aka "Windows Kernel Invalid Pointer Vulnerability."

7.2
2009-03-10 CVE-2009-0082 Microsoft Improper Input Validation vulnerability in Microsoft products

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges via a crafted application that triggers unspecified "actions," aka "Windows Kernel Handle Validation Vulnerability."

7.2
2009-03-12 CVE-2009-0778 Linux, Vmware, Microsoft, Redhat

The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable message, which allows remote attackers to cause a denial of service (connectivity outage) by sending a large series of packets to many destination IP addresses within this REJECT route, related to an "rt_cache leak."

7.1
2009-03-10 CVE-2009-0085 Microsoft Improper Authentication vulnerability in Microsoft products

The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication is used, does not properly validate the client's key exchange data in Transport Layer Security (TLS) handshake messages, which allows remote attackers to spoof authentication by crafting a TLS packet based on knowledge of the certificate but not the private key, aka "SChannel Spoofing Vulnerability."

7.1

54 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-03-12 CVE-2009-0876 SUN, Linux Link Following vulnerability in SUN XVM Virtualbox

Sun xVM VirtualBox 2.0.0, 2.0.2, 2.0.4, 2.0.6r39760, 2.1.0, 2.1.2, and 2.1.4r42893 on Linux allows local users to gain privileges via a hardlink attack, which preserves setuid/setgid bits on Linux, related to DT_RPATH:$ORIGIN.

6.9
2009-03-12 CVE-2009-0875 SUN Race Condition vulnerability in SUN Opensolaris and Solaris

Race condition in the Doors subsystem in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_94, allows local users to cause a denial of service (process hang), or possibly bypass file permissions or gain kernel-context privileges, via vectors involving the time at which control is transferred from a caller to a door server.

6.9
2009-03-11 CVE-2009-0854 Dash OS Command Injection vulnerability in Dash 0.5.4

Untrusted search path vulnerability in dash 0.5.4, when used as a login shell, allows local users to execute arbitrary code via a Trojan horse .profile file in the current working directory.

6.9
2009-03-13 CVE-2008-6455 Edikon Improper Authentication vulnerability in Edikon PHPshop 0.8.1

Session fixation vulnerability in Edikon phpShop 0.8.1 allows remote attackers to hijack web sessions via unspecified vectors.

6.8
2009-03-12 CVE-2009-0883 Amunak SQL Injection vulnerability in Amunak Blue EYE CMS 1.0.0

SQL injection vulnerability in Blue Eye CMS 1.0.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the BlueEyeCMS_login cookie parameter.

6.8
2009-03-12 CVE-2009-0880 IBM, Microsoft Path Traversal vulnerability in IBM Director

Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a ..

6.8
2009-03-11 CVE-2009-0873 SUN Permissions, Privileges, and Access Controls vulnerability in SUN Opensolaris, Solaris and Sunos

The NFS daemon (aka nfsd) in Sun Solaris 10 and OpenSolaris before snv_106, when NFSv3 is used, does not properly implement combinations of security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the sec=sys and sec=krb5 security modes, related to modes that "override each other."

6.8
2009-03-11 CVE-2009-0872 SUN Permissions, Privileges, and Access Controls vulnerability in SUN Opensolaris and Solaris

The NFS server in Sun Solaris 10, and OpenSolaris before snv_111, does not properly implement the AUTH_NONE (aka sec=none) security mode in combination with other security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the AUTH_NONE and AUTH_SYS security modes.

6.8
2009-03-10 CVE-2009-0868 Fujitsu, Microsoft, SUN Improper Input Validation vulnerability in Fujitsu Jasmine2000

CRLF injection vulnerability in the WebLink template in Fujitsu Jasmine2000 Enterprise Edition allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

6.8
2009-03-09 CVE-2009-0853 Stewart Howe Improper Authentication vulnerability in Stewart Howe Celerbb 0.0.2

login.php in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allows remote attackers to bypass authentication and obtain administrative access via special characters in the Username parameter, as demonstrated by an admin'# parameter value.

6.8
2009-03-09 CVE-2009-0851 Stewart Howe SQL Injection vulnerability in Stewart Howe Celerbb 0.0.2

Multiple SQL injection vulnerabilities in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewforum.php and (2) viewtopic.php.

6.8
2009-03-12 CVE-2009-0887 Linux PAM Numeric Errors vulnerability in Linux-Pam

Integer signedness error in the _pam_StrTok function in libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a configuration file contains non-ASCII usernames, might allow remote attackers to cause a denial of service, and might allow remote authenticated users to obtain login access with a different user's non-ASCII username, via a login attempt.

6.6
2009-03-11 CVE-2009-0234 Microsoft Improper Input Validation vulnerability in Microsoft products

The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transaction IDs and poison caches by sending many crafted DNS queries that trigger "unnecessary lookups," aka "DNS Server Response Validation Vulnerability."

6.4
2009-03-14 CVE-2009-0582 Gnome Improper Input Validation vulnerability in Gnome Evolution-Data-Server 2.25.92

The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount of data in a challenge packet, which allows remote mail servers to read information from the process memory of a client, or cause a denial of service (client crash), via an NTLM authentication type 2 packet with a length value that exceeds the amount of packet data.

5.8
2009-03-11 CVE-2009-0233 Microsoft Improper Input Validation vulnerability in Microsoft products

The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which makes it easier for remote attackers to predict transaction IDs and poison caches by simultaneously sending crafted DNS queries and responses, aka "DNS Server Query Validation Vulnerability."

5.8
2009-03-09 CVE-2009-0858 D J Bernstein Improper Input Validation vulnerability in D.J.Bernstein Djbdns

The response_addname function in response.c in Daniel J.

5.8
2009-03-09 CVE-2008-6442 Sina Unspecified vulnerability in Sina Dloader

Insecure method vulnerability in Sina Inc.

5.8
2009-03-11 CVE-2009-0094 Microsoft Unspecified vulnerability in Microsoft products

The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the (1) "wpad" and (2) "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) features, and conduct man-in-the-middle attacks by spoofing a proxy server or ISATAP route, by registering one of these names in the WINS database, aka "WPAD WINS Server Registration Vulnerability," a related issue to CVE-2007-1692.

5.5
2009-03-14 CVE-2009-0016 Apple, Microsoft Improper Input Validation vulnerability in Apple Itunes

Apple iTunes before 8.1 on Windows allows remote attackers to cause a denial of service (infinite loop) via a Digital Audio Access Protocol (DAAP) message with a crafted Content-Length header.

5.0
2009-03-13 CVE-2008-6470 Clansphere Information Disclosure vulnerability in ClanSphere

Multiple unspecified vulnerabilities in ClanSphere before 2008.2.1 allow remote attackers to obtain sensitive information, and possibly have unknown other impact, via vectors related to "javascript insert" and the (1) mods/messages/getusers.php and (2) mods/abcode/listimg.php files.

5.0
2009-03-12 CVE-2009-0886 Oneorzero Path Traversal vulnerability in Oneorzero Helpdesk

Directory traversal vulnerability in login.php in OneOrZero Helpdesk 1.6.5.7 and earlier allows remote attackers to read arbitrary files via a ..

5.0
2009-03-12 CVE-2009-0879 IBM, Microsoft Improper Input Validation vulnerability in IBM Director

The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI.

5.0
2009-03-12 CVE-2009-0878 Wesnoth Resource Management Errors vulnerability in Wesnoth

The read_game_map function in src/terrain_translation.cpp in Wesnoth before r32987 allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a map with a large (1) width or (2) height.

5.0
2009-03-11 CVE-2009-0713 HP Unspecified vulnerability in HP Systems Insight Manager

Unspecified vulnerability in WMI Mapper for HP Systems Insight Manager before 2.5.2.0 allows remote attackers to obtain sensitive information via unknown vectors.

5.0
2009-03-10 CVE-2009-0867 Fujitsu Information Exposure vulnerability in Fujitsu Enhanced Support Facility 3.0/3.0.1

The HRM-S service in Fujitsu Enhanced Support Facility 3.0 and 3.0.1 allows remote attackers to obtain (1) hardware and (2) software information via unspecified requests in a client connection.

5.0
2009-03-10 CVE-2009-0866 Phnews Permissions, Privileges, and Access Controls vulnerability in Phnews 1

pHNews Alpha 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for extra/genbackup.php.

5.0
2009-03-09 CVE-2009-0027 Redhat Improper Input Validation vulnerability in Redhat Jboss Enterprise Application Platform 4.2.0/4.3.0

The request handler in JBossWS in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remote attackers to read arbitrary XML files via a crafted request.

5.0
2009-03-09 CVE-2009-0852 Stewart Howe Information Exposure vulnerability in Stewart Howe Celerbb 0.0.2

showme.php in CelerBB 0.0.2 allows remote attackers to obtain "reserved information" via the user parameter.

5.0
2009-03-14 CVE-2009-0824 Slysoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Slysoft products

Elaborate Bytes ElbyCDIO.sys 6.0.2.0 and earlier, as distributed in SlySoft AnyDVD before 6.5.2.6, Virtual CloneDrive 5.4.2.3 and earlier, CloneDVD 2.9.2.0 and earlier, and CloneCD 5.3.1.3 and earlier, uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to cause a denial of service (system crash) via a crafted IOCTL call.

4.9
2009-03-12 CVE-2009-0874 SUN Resource Management Errors vulnerability in SUN Opensolaris and Solaris

Multiple unspecified vulnerabilities in the Doors subsystem in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_94, allow local users to cause a denial of service (process hang), or possibly bypass file permissions or gain kernel-context privileges, via vectors including ones related to (1) an argument handling deadlock in a door server and (2) watchpoint problems in the door_call function.

4.9
2009-03-09 CVE-2009-0537 Microsoft, Openbsd Numeric Errors vulnerability in multiple products

Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service (application crash) via a deep directory tree, related to the fts_level structure member, as demonstrated by (a) du, (b) rm, (c) chmod, and (d) chgrp on OpenBSD; and (e) SearchIndexer.exe on Vista Enterprise.

4.9
2009-03-10 CVE-2009-0870 SUN Resource Management Errors vulnerability in SUN Opensolaris and Solaris

The NFSv4 Server module in the kernel in Sun Solaris 10, and OpenSolaris before snv_111, allow local users to cause a denial of service (infinite loop and system hang) by accessing an hsfs filesystem that is shared through NFSv4, related to the rfs4_op_readdir function.

4.7
2009-03-09 CVE-2009-0859 Linux Improper Input Validation vulnerability in Linux Kernel

The shm_get_stat function in ipc/shm.c in the shm subsystem in the Linux kernel before 2.6.28.5, when CONFIG_SHMEM is disabled, misinterprets the data type of an inode, which allows local users to cause a denial of service (system hang) via an SHM_INFO shmctl call, as demonstrated by running the ipcs program.

4.7
2009-03-14 CVE-2008-4316 Gnome Numeric Errors vulnerability in Gnome Glib

Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers to execute arbitrary code via a long string that is converted either (1) from or (2) to a base64 representation.

4.6
2009-03-11 CVE-2009-0848 Opensuse OS Command Injection vulnerability in Opensuse 11.0/11.1

Untrusted search path vulnerability in GTK2 in OpenSUSE 11.0 and 11.1 allows local users to execute arbitrary code via a Trojan horse GTK module in an unspecified "relative search path."

4.4
2009-03-14 CVE-2009-0143 Apple Information Exposure vulnerability in Apple Itunes

Apple iTunes before 8.1 does not properly inform the user about the origin of an authentication request, which makes it easier for remote podcast servers to trick a user into providing a username and password when subscribing to a crafted podcast.

4.3
2009-03-14 CVE-2008-6472 Wireshark Resource Management Errors vulnerability in Wireshark

The WLCCP dissector in Wireshark 0.99.7 through 1.0.4 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors.

4.3
2009-03-13 CVE-2008-6465 Parallels Cross-Site Scripting vulnerability in Parallels H-Sphere 3.0.0/3.1

Multiple cross-site scripting (XSS) vulnerabilities in login.php in webshell4 in Parallels H-Sphere 3.0.0 P9 and 3.1 P1 allow remote attackers to inject arbitrary web script or HTML via the (1) err, (2) errorcode, and (3) login parameters.

4.3
2009-03-13 CVE-2008-6453 6Rbscript Path Traversal vulnerability in 6Rbscript 3.3

Directory traversal vulnerability in section.php in 6rbScript 3.3, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a ..

4.3
2009-03-12 CVE-2009-0884 Filezilla Project Classic Buffer Overflow vulnerability in Filezilla-Project Filezilla Server

Buffer overflow in FileZilla Server before 0.9.31 allows remote attackers to cause a denial of service via unspecified vectors related to SSL/TLS packets.

4.3
2009-03-12 CVE-2009-0877 SUN Cross-Site Scripting vulnerability in SUN Java System Communications Express

Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express allow remote attackers to inject arbitrary web script or HTML via the (1) Full Name or (2) Subject field.

4.3
2009-03-12 CVE-2009-0366 Wesnoth Resource Management Errors vulnerability in Wesnoth

The uncompress_buffer function in src/server/simple_wml.cpp in Wesnoth before r33069 allows remote attackers to cause a denial of service via a large compressed WML document.

4.3
2009-03-11 CVE-2009-0660 Mahara Cross-Site Scripting vulnerability in Mahara

Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.10 and 1.1 before 1.1.2 allow remote attackers to inject arbitrary web script or HTML via a (1) profile and (2) blog, a different vulnerability than CVE-2009-0487.

4.3
2009-03-10 CVE-2009-0862 Tangocms Cross-Site Scripting vulnerability in Tangocms

Cross-site scripting (XSS) vulnerability in the hook_cntrlr_error_output function in modules/page/hooks/listeners.php in the admincp component in TangoCMS 2.2.x (aka Eagle) before 2.2.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-03-10 CVE-2009-0861 Denorastats Cross-Site Scripting vulnerability in Denorastats PHPdenora

Cross-site scripting (XSS) vulnerability in phpDenora before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via an IRC channel name.

4.3
2009-03-10 CVE-2009-0860 Netcordia Cross-Site Scripting vulnerability in Netcordia Netmri

Cross-site scripting (XSS) vulnerability in the web user interface in the login application in NetMRI 3.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to error pages.

4.3
2009-03-09 CVE-2009-0857 SUN Cross-Site Scripting vulnerability in SUN Management Center 3.6.1/4.0

Cross-site scripting (XSS) vulnerability in /prm/reports in the Performance Reporting Module (PRM) for Sun Management Center (SunMC) 3.6.1 and 4.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

4.3
2009-03-09 CVE-2009-0856 IBM Cross-Site Scripting vulnerability in IBM Websphere Application Server

Multiple cross-site scripting (XSS) vulnerabilities in sample applications in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, and 6.1 before 6.1.0.23 on z/OS, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-03-09 CVE-2009-0855 IBM Cross-Site Scripting vulnerability in IBM Websphere Application Server

Cross-site scripting (XSS) vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 on z/OS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-03-09 CVE-2009-0781 Apache Cross-Site Scripting vulnerability in Apache Tomcat

Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."

4.3
2009-03-09 CVE-2009-0850 Bitdefender Cross-Site Scripting vulnerability in Bitdefender Internet Security 2009

Cross-site scripting (XSS) vulnerability in BitDefender Internet Security 2009 allows user-assisted remote attackers to inject arbitrary web script or HTML via the filename of a virus-infected file, as demonstrated by a filename inside a (1) rar or (2) zip archive file.

4.3
2009-03-09 CVE-2008-6450 Under Construction Baby Cross-Site Scripting vulnerability in Under Construction Baby Pc2M

Cross-site scripting (XSS) vulnerability in Under Construction, Baby (UCB) PC2M 0.9.22.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2009-03-09 CVE-2008-6448 Skyarc Cross-Site Scripting vulnerability in Skyarc Mtcms Wysiwyg Editor

Cross-site scripting (XSS) vulnerability in install.cgi in SKYARC System MTCMS WYSIWYG Editor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-03-09 CVE-2008-6449 Centurysys Cross-Site Request Forgery (CSRF) vulnerability in Centurysys products

Cross-site request forgery (CSRF) vulnerability in multiple Century Systems routers including XR-410 before 1.6.9, XR-510 before 3.5.3, XR-440 before 1.7.8, and other XR series routers from XR-510 to XR-730 allows remote attackers to modify configuration as the administrator via unknown vectors.

4.0

2 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-03-11 CVE-2009-0871 Digium Improper Input Validation vulnerability in Digium Asterisk

The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and 1.4.23.1; 1.6.0 before 1.6.0.6; 1.6.1 before 1.6.1.0-rc2; and Asterisk Business Edition C.2.3, with the pedantic option enabled, allows remote authenticated users to cause a denial of service (crash) via a SIP INVITE request without any headers, which triggers a NULL pointer dereference in the (1) sip_uri_headers_cmp and (2) sip_uri_params_cmp functions.

3.5
2009-03-11 CVE-2009-0093 Microsoft Improper Input Validation vulnerability in Microsoft products

Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) feature, and conduct man-in-the-middle attacks by spoofing a proxy server, via a Dynamic Update request for this hostname, aka "DNS Server Vulnerability in WPAD Registration Vulnerability," a related issue to CVE-2007-1692.

3.5