Weekly Vulnerabilities Reports > March 30 to April 5, 2009
Overview
134 new vulnerabilities were reported during this period, including 34 critical vulnerabilities and 29 high severity vulnerabilities. This weekly summary reports vulnerabilities in 146 products from 90 vendors including IBM, Microsoft, Apple, Osgeo, and UMN. Notable vulnerability categories include "Improper Input Validation", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "SQL Injection".
- 119 reported vulnerabilities are remotely exploitable.
- 35 reported vulnerabilities have a public exploit available.
- 42 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 125 reported vulnerabilities are exploitable by an anonymous user.
- IBM has the most reported vulnerabilities, with 10 reported vulnerabilities.
- IBM has the most reported critical vulnerabilities, with 5 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
34 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-04-04 | CVE-2008-6604 | Picoflat | Path Traversal vulnerability in Picoflat CMS 0.5.9 Directory traversal vulnerability in index.php in PicoFlat CMS 0.5.9 allows remote attackers to include and execute arbitrary local files via a .. | 10.0 |
2009-04-03 | CVE-2009-1240 | IBM | Unspecified vulnerability in IBM products Unspecified vulnerability in the IBM Proventia engine 4.9.0.0.44 20081231, as used in IBM Proventia Network Mail Security System, Network Mail Security System Virtual Appliance, Desktop Endpoint Security, Network Multi-Function Security (MFS), and possibly other products, allows remote attackers to bypass detection of malware via a modified RAR archive. | 10.0 |
2009-04-03 | CVE-2008-6602 | Stadtaus | Security vulnerability in Stadtaus Download Center Lite 1.6 Unspecified vulnerability in Download Center Lite before 2.1 has unknown impact and attack vectors related to "A minor security fix." | 10.0 |
2009-04-03 | CVE-2008-6598 | Sangoma | Race Condition vulnerability in Sangoma Wanpipe Multiple race conditions in WANPIPE before 3.3.6 have unknown impact and attack vectors related to "bri restart logic." | 10.0 |
2009-04-03 | CVE-2008-6588 | Aztech | Credentials Management vulnerability in Aztech Adsl2/2+4-Port Router Aztech ADSL2/2+ 4-port router has a default "isp" account with a default "isp" password, which allows remote attackers to obtain access if this default is not changed. | 10.0 |
2009-04-02 | CVE-2009-1236 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Mac OS X and Mac OS X Server Heap-based buffer overflow in the AppleTalk networking stack in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allows remote attackers to cause a denial of service (system crash) via a ZIP NOTIFY (aka ZIPOP_NOTIFY) packet that overwrites a certain ifPort structure member. | 10.0 |
2009-04-02 | CVE-2009-1231 | IBM | Security vulnerability in IBM DB2 Content Manager 8.4.1 Unspecified vulnerability in the eClient in IBM DB2 Content Manager 8.4.1 before 8.4.1.1 has unknown impact and attack vectors. | 10.0 |
2009-04-01 | CVE-2008-6578 | Nortel | Multiple Security vulnerability in Nortel Cs1000 4.50 Multiple unspecified vulnerabilities in Nortel Communication Server 1000 4.50.x allow remote attackers to execute arbitrary commands to gain privileges, obtain sensitive information, or cause a denial of service via unknown vectors. | 10.0 |
2009-04-01 | CVE-2008-6577 | Nortel | Credentials Management vulnerability in Nortel Cs1000 4.50 Nortel MG1000S, Signaling Server, and Call Server on the Communications Server 1000 (CS1K) 4.50.x contain multiple unspecified hard-coded accounts and passwords, which allows remote attackers to gain privileges. | 10.0 |
2009-04-01 | CVE-2009-1216 | Microsoft | Multiple vulnerability in Microsoft Windows Services for UNIX / Subsystem for UNIX-based Applications Multiple unspecified vulnerabilities in (1) unlzh.c and (2) unpack.c in the gzip libraries in Microsoft Windows Server 2008, Windows Services for UNIX 3.0 and 3.5, and the Subsystem for UNIX-based Applications (SUA); as used in gunzip, gzip, pack, pcat, and unpack 7.x before 7.0.1701.48, 8.x before 8.0.1969.62, and 9.x before 9.0.3790.2076; allow remote attackers to execute arbitrary code via unknown vectors. | 10.0 |
2009-04-01 | CVE-2009-1210 | Wireshark | Use of Externally-Controlled Format String vulnerability in Wireshark Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. | 10.0 |
2009-03-31 | CVE-2009-1178 | IBM | Multiple vulnerability in IBM Tivoli Storage Manager 5.3.0/5.3.1/6.0 Unspecified vulnerability in the server in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.2 and 6.x before 6.1 has unknown impact and attack vectors related to the "admin command line." | 10.0 |
2009-03-31 | CVE-2009-1177 | Osgeo UMN | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple stack-based buffer overflows in maptemplate.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 have unknown impact and remote attack vectors. | 10.0 |
2009-03-31 | CVE-2009-1176 | Osgeo UMN | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 does not ensure that the string holding the id parameter ends in a '\0' character, which allows remote attackers to conduct buffer-overflow attacks or have unspecified other impact via a long id parameter in a query action. | 10.0 |
2009-03-31 | CVE-2009-0841 | Osgeo UMN | Path Traversal vulnerability in multiple products Directory traversal vulnerability in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when running on Windows with Cygwin, allows remote attackers to create arbitrary files via a .. | 10.0 |
2009-03-31 | CVE-2009-0840 | Osgeo UMN | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Heap-based buffer underflow in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to have an unknown impact via a negative value in the Content-Length HTTP header. | 10.0 |
2009-03-31 | CVE-2009-0839 | Osgeo UMN | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Stack-based buffer overflow in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when the server has a map with a long IMAGEPATH or NAME attribute, allows remote attackers to execute arbitrary code via a crafted id parameter in a query action. | 10.0 |
2009-03-31 | CVE-2008-6566 | Octopussy | Unspecified vulnerability in Octopussy Unspecified vulnerability in Octopussy before 0.9.5.8 has unknown impact and attack vectors related to a "major security" vulnerability. | 10.0 |
2009-03-31 | CVE-2009-1174 | IBM | Cryptographic Issues vulnerability in IBM Websphere Application Server 7.0/7.0.0.1 The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 and 7.0 before 7.0.0.3 has an unspecified "security problem" in the XML digital-signature specification, which has unknown impact and attack vectors. | 10.0 |
2009-03-31 | CVE-2009-1172 | IBM | Improper Input Validation vulnerability in IBM Websphere Application Server The JAX-RPC WS-Security runtime in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3, when APAR PK41002 is installed, does not properly validate UsernameToken objects, which has unknown impact and attack vectors. | 10.0 |
2009-03-30 | CVE-2008-6557 | Puppetmaster | Improper Input Validation vulnerability in Puppetmaster Webutil 2.7 cgi-bin/webutil.pl in The Puppet Master WebUtil 2.7 allows remote attackers to execute arbitrary commands via shell metacharacters in the details command. | 10.0 |
2009-03-30 | CVE-2008-6556 | Puppet Master | Improper Input Validation vulnerability in Puppet Master Webutil 2.3 cgi-bin/webutil.pl in The Puppet Master WebUtil 2.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the whois command. | 10.0 |
2009-03-30 | CVE-2008-6555 | Puppetmaster | Improper Input Validation vulnerability in Puppetmaster Webutil 2.3/2.7 cgi-bin/webutil.pl in The Puppet Master WebUtil allows remote attackers to execute arbitrary commands via shell metacharacters in the dig command. | 10.0 |
2009-03-30 | CVE-2008-6554 | Aztech | OS Command Injection vulnerability in Aztech Adsl2/2+4-Port Router 3.7.0 cgi-bin/script in Aztech ADSL2/2+ 4-port router 3.7.0 build 070426 allows remote attackers to execute arbitrary commands via shell metacharacters in the query string. | 10.0 |
2009-03-30 | CVE-2008-6546 | Alecwh | Remote Security vulnerability in Alecwh PHPns 2.1.1 Unspecified vulnerability in phpns before 2.1.3 has unknown impact and attack vectors related to "activation permissions." | 10.0 |
2009-03-30 | CVE-2008-6536 | 7 ZIP | Archive Handling vulnerability in 7-Zip Unspecified vulnerability in 7-zip before 4.5.7 has unknown impact and remote attack vectors, as demonstrated by the PROTOS GENOME test suite for Archive Formats (c10). | 10.0 |
2009-03-30 | CVE-2007-6721 | Bouncycastle | Unspecified vulnerability in Bouncycastle products The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to "a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes." | 10.0 |
2009-04-03 | CVE-2009-0556 | Microsoft | Code Injection vulnerability in Microsoft Office Powerpoint and Powerpoint Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability." | 9.3 |
2009-04-03 | CVE-2008-6583 | Bsplayer | Buffer Errors vulnerability in Bsplayer Bs.Player 2.27 Buffer overflow in BS.player 2.27 build 959 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .SRT file. | 9.3 |
2009-04-01 | CVE-2007-4475 | SAP | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SAP Sapgui Stack-based buffer overflow in EAI WebViewer3D ActiveX control (webviewer3d.dll) in SAP AG SAPgui before 7.10 Patch Level 9 allows remote attackers to execute arbitrary code via a long argument to the SaveViewToSessionFile method. | 9.3 |
2009-04-01 | CVE-2008-4825 | Ezbsystems | Buffer Errors vulnerability in Ezbsystems Ultraiso 9.3.1.2633 Multiple buffer overflows in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via a crafted (1) CIF, (2) C2D, or (3) GI file. | 9.3 |
2009-04-01 | CVE-2008-3871 | Ezbsystems | Use of Externally-Controlled Format String vulnerability in Ezbsystems Ultraiso 9.3.1.2633 Multiple format string vulnerabilities in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via format string specifiers in the filename of a (1) DAA or (2) ISZ file. | 9.3 |
2009-04-01 | CVE-2009-1209 | W3 | Buffer Errors vulnerability in W3 Amaya 11.1 Stack-based buffer overflow in W3C Amaya Web Browser 11.1 allows remote attackers to execute arbitrary code via a script tag with a long defer attribute. | 9.3 |
2009-03-31 | CVE-2008-6563 | Ceruleanstudios | Buffer Errors vulnerability in Ceruleanstudios Trillian 3.1.9.0 Buffer overflow in the XML parser in Trillian 3.1.9.0, and possibly earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DTD file. | 9.3 |
29 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-04-01 | CVE-2008-6576 | Nortel | Multiple Security vulnerability in Nortel Cs1000 4.50 Unspecified vulnerability in the "session limitation technique" in the FTP service on Nortel Communications Server 1000 (CS1K) 4.50.x, when running on VGMC or signaling nodes, allows remote attackers to cause a denial of service (resource exhaustion and failed updates) via unknown vectors that causes consumption of all available sessions. | 7.8 |
2009-04-01 | CVE-2009-1212 | Precisionid | Arbitrary File Overwrite vulnerability in PrecisionID Data Matrix Barcode ActiveX Control Multiple insecure method vulnerabilities in PRECIS~2.DLL in the PrecisionID Datamatrix ActiveX control (DMATRIXLib.Datamatrix) allow remote attackers to overwrite arbitrary files via the (1) SaveBarCode and (2) SaveEnhWMF methods. | 7.8 |
2009-03-31 | CVE-2009-0843 | Osgeo UMN | Improper Input Validation vulnerability in multiple products The msLoadQuery function in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to determine the existence of arbitrary files via a full pathname in the queryfile parameter, which triggers different error messages depending on whether this pathname exists. | 7.8 |
2009-03-30 | CVE-2009-0115 | Christophe Varoqui Fedoraproject Debian Avaya Suse Opensuse Novell Juniper | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon. | 7.8 |
2009-03-31 | CVE-2008-6564 | Nortel | Multiple Security vulnerability in Nortel Networks Communication Server 1000 Nortel UNIStim protocol, as used in Communication Server 1000 and other products, uses predictable sequence numbers, which allows remote attackers to hijack sessions via sniffing or brute force attacks. | 7.6 |
2009-04-03 | CVE-2009-1241 | Clamav | Unspecified vulnerability in Clamav Unspecified vulnerability in ClamAV before 0.95 allows remote attackers to bypass detection of malware via a modified RAR archive. | 7.5 |
2009-04-03 | CVE-2008-6596 | Phpcredo | SQL Injection vulnerability in PHPcredo Phcdownload 1.1 SQL injection vulnerability in admin/index.php in PHCDownload 1.1 allows remote attackers to execute arbitrary SQL commands via the hash parameter. | 7.5 |
2009-04-03 | CVE-2008-6595 | Typo3 | SQL Injection vulnerability in Typo3 PMK Rssnewsexport Extension SQL injection vulnerability in the pmk_rssnewsexport extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2009-04-03 | CVE-2008-6594 | Network Publishing | SQL Injection vulnerability in Network-Publishing RDF Newsfeed Export SQL injection vulnerability in the cm_rdfexport extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2009-04-03 | CVE-2008-6593 | Lightneasy Sqlite | SQL Injection vulnerability in multiple products SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy SQLite 1.2.2 and earlier allows remote attackers to inject arbitrary PHP code into comments.dat via the dlid parameter to index.php. | 7.5 |
2009-04-03 | CVE-2008-6592 | Lightneasy Sqlite | Path Traversal vulnerability in multiple products thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cache_dir parameter containing a %00 (encoded null byte). | 7.5 |
2009-04-02 | CVE-2009-1229 | Arcadwy | SQL Injection vulnerability in Arcadwy Arcade Script SQL injection vulnerability in Arcadwy Arcade Script allows remote attackers to execute arbitrary SQL commands via the user cookie parameter. | 7.5 |
2009-04-02 | CVE-2009-1226 | Podcast Generator | Permissions, Privileges, and Access Controls vulnerability in Podcast Generator Podcast Generator core/admin/delete.php in Podcast Generator 1.1 and earlier does not properly restrict access to administrative functions, which allows remote attackers to delete arbitrary files via the file parameter. | 7.5 |
2009-04-02 | CVE-2009-1224 | Scivox | SQL Injection vulnerability in Scivox VSP Stats Processor 0.45 SQL injection vulnerability in vsp-core/pub/themes/bismarck/gamestat.php in vsp stats processor 0.45 allows remote attackers to execute arbitrary SQL commands via the gameID parameter. | 7.5 |
2009-04-02 | CVE-2008-6582 | Miniweb2 | SQL Injection vulnerability in Miniweb2 Miniweb 2.0 SQL injection vulnerability in index.php in Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action. | 7.5 |
2009-04-02 | CVE-2008-6581 | Phpaddedit | Improper Authentication vulnerability in PHPaddedit 1.3 login.php in PhpAddEdit 1.3 allows remote attackers to bypass authentication and gain administrative access by setting the addedit cookie parameter. | 7.5 |
2009-04-01 | CVE-2008-6574 | Avaya | Input Validation vulnerability in Avaya SIP Enablement Services (SES) Server Unspecified vulnerability in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote attackers to gain privileges and cause a denial of service via unknown vectors related to reuse of valid credentials. | 7.5 |
2009-04-01 | CVE-2009-1208 | Auth2Db Auth2Dbauth2Db | SQL Injection vulnerability in multiple products SQL injection vulnerability in auth2db 0.2.5, and possibly other versions before 0.2.7, uses the addslashes function instead of the mysql_real_escape_string function, which allows remote attackers to conduct SQL injection attacks using multibyte character encodings. | 7.5 |
2009-04-01 | CVE-2009-1206 | Futomi | Privilege Escalation vulnerability in Access Analyzer CGI Unspecified vulnerability in futomi's CGI Cafe Access Analyzer CGI Professional Version 4.11.5 and earlier allows remote attackers to gain administrative privileges via unknown vectors. | 7.5 |
2009-03-31 | CVE-2006-7237 | Ixprim CMS | Code Injection vulnerability in Ixprim-Cms Ixprim 2.0 PHP remote file inclusion vulnerability in mod/nc_phpmyadmin/core/libraries/Theme_Manager.class.php in Ixprim 2.0 allows remote attackers to execute arbitrary PHP code via a URL in an unspecified parameter. | 7.5 |
2009-03-30 | CVE-2008-6553 | Impliedbydesign | Improper Authentication vulnerability in Impliedbydesign Micro-Cms microcms-admin-home.php in Implied by Design Micro CMS (Micro-CMS) 3.5 (aka 0.3.5) does not require authentication as an administrator, which allows remote attackers to (1) create administrative accounts via an add_admin action, (2) remove administrative accounts via a delete_admin action, and (3) modify administrative passwords via a change_password action. | 7.5 |
2009-03-30 | CVE-2008-6547 | Formencode | Improper Input Validation vulnerability in Formencode 1.0 schema.py in FormEncode for Python (python-formencode) 1.0 does not apply the chained_validators feature, which allows attackers to bypass intended access restrictions via unknown vectors. | 7.5 |
2009-03-30 | CVE-2008-6545 | Comscripts | Code Injection vulnerability in Comscripts Web Server Creator Web Portal 0.1 PHP remote file inclusion vulnerability in news/include/createdb.php in Web Server Creator Web Portal 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the langfile parameter. | 7.5 |
2009-03-30 | CVE-2008-6543 | Comscripts | Code Injection vulnerability in Comscripts Quick Classifieds 1.0 Multiple PHP remote file inclusion vulnerabilities in ComScripts TEAM Quick Classifieds 1.0 via the DOCUMENT_ROOT parameter to (1) index.php3, (2) locate.php3, (3) search_results.php3, (4) classifieds/index.php3, and (5) classifieds/view.php3; (6) index.php3, (7) manager.php3, (8) pass.php3, (9) remember.php3 (10) sign-up.php3, (11) update.php3, (12) userSet.php3, and (13) verify.php3 in controlcenter/; (14) alterCats.php3, (15) alterFeatured.php3, (16) alterHomepage.php3, (17) alterNews.php3, (18) alterTheme.php3, (19) color_help.php3, (20) createdb.php3, (21) createFeatured.php3, (22) createHomepage.php3, (23) createL.php3, (24) createM.php3, (25) createNews.php3, (26) createP.php3, (27) createS.php3, (28) createT.php3, (29) index.php3, (30) mailadmin.php3, and (31) setUp.php3 in controlpannel/; (32) include/sendit.php3 and (33) include/sendit2.php3; and possibly (34) include/adminHead.inc, (35) include/usersHead.inc, and (36) style/default.scheme.inc. | 7.5 |
2009-04-02 | CVE-2009-1238 | Apple | Race Condition vulnerability in Apple Mac OS X and Mac OS X Server Race condition in the HFS vfs sysctl interface in XNU 1228.8.20 and earlier on Apple Mac OS X 10.5.6 and earlier allows local users to cause a denial of service (kernel memory corruption) by simultaneously executing the same HFS_SET_PKG_EXTENSIONS code path in multiple threads, which is problematic because of lack of mutex locking for an unspecified global variable. | 7.2 |
2009-04-02 | CVE-2009-1235 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X and Mac OS X Server XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does not properly restrict interaction between user space and the HFS IOCTL handler, which allows local users to overwrite kernel memory and gain privileges by attaching an HFS+ disk image and performing certain steps involving HFS_GET_BOOT_INFO fcntl calls. | 7.2 |
2009-04-01 | CVE-2009-0686 | Trendmicro | Resource Management Errors vulnerability in Trendmicro Internet Security 2008/2009 The TrendMicro Activity Monitor Module (tmactmon.sys) 2.52.0.1002 in Trend Micro Internet Pro 2008 and 2009, and Security Pro 2008 and 2009, allows local users to gain privileges via a crafted IRP in a METHOD_NEITHER IOCTL request to \Device\tmactmon that overwrites memory. | 7.2 |
2009-03-30 | CVE-2008-6559 | SCO | Improper Input Validation vulnerability in SCO Reliantha and Unixware Merge mcd in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local users to gain root privileges via a crafted -d argument that contains .. | 7.2 |
2009-03-30 | CVE-2008-6558 | SCO Unixware | Improper Input Validation vulnerability in multiple products Untrusted search path vulnerability in (1) hvdisp and (2) rcvm in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local users to gain root privileges by modifying the RELIANT_PATH environment variable to point to a malicious bin/hvenv program. | 7.2 |
67 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-03-30 | CVE-2009-1170 | SUN | Local Privilege Escalation vulnerability in SUN Opensolaris Snv100/Snv101 Unspecified vulnerability in Sun OpenSolaris snv_100 through snv_101 allows local users, with privileges in a non-global zone, to execute arbitrary code in the global zone when a global-zone user is using mdb on a non-global zone process. | 6.9 |
2009-03-30 | CVE-2008-6552 | Redhat Fedoraproject | Link Following vulnerability in multiple products Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp, involving unspecified components in Resource Group Manager (aka rgmanager) before 2.03.09-1, gfs2-utils before 2.03.09-1, and CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9. | 6.9 |
2009-04-03 | CVE-2008-6603 | Moinmo | Permissions, Privileges, and Access Controls vulnerability in Moinmo Moinmoin 1.6.2/1.7.0 MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability than CVE-2008-1937. | 6.8 |
2009-04-03 | CVE-2008-6587 | Vuze | Cross-Site Request Forgery (CSRF) vulnerability in Vuze 0.7.6 Cross-site request forgery (CSRF) vulnerability in index.tmpl in Vuze (formerly Azureus HTML WebUI), probably 0.7.6, allows remote attackers to hijack the authentication of users for requests that force the download of arbitrary torrent files via the upurl parameter. | 6.8 |
2009-04-03 | CVE-2008-6586 | Utorrent | Cross-Site Request Forgery (CSRF) vulnerability in Utorrent Webui 0.315 Cross-site request forgery (CSRF) vulnerability in gui/index.php in µTorrent (uTorrent) WebUI 0.315 allows remote attackers to (1) hijack the authentication of users for requests that force the download of arbitrary torrent files via the add-url action and (2) hijack the authentication of administrators for requests that modify the administrator account via the setsetting action. | 6.8 |
2009-04-03 | CVE-2008-6585 | Torrentflux | Cross-Site Request Forgery (CSRF) vulnerability in Torrentflux 2.3 Cross-site request forgery (CSRF) vulnerability in html/admin.php in TorrentFlux 2.3 allows remote attackers to hijack the authentication of administrators for requests that add new accounts via the addUser action. | 6.8 |
2009-04-01 | CVE-2008-6575 | Avaya | Unspecified vulnerability in Avaya Communication Manager Unspecified vulnerability in the SIP server in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote authenticated users to cause a denial of service (resource consumption) via unknown vectors. | 6.8 |
2009-04-01 | CVE-2008-6573 | Avaya | SQL Injection vulnerability in Avaya Communication Manager Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles in the SIP Personal Information Manager (SPIM) in the web interface; and allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to (2) permissions for SPIM profiles in the web interface and (3) a crafted SIP request to the SIP server. | 6.8 |
2009-04-01 | CVE-2009-1213 | Mozilla | Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Bugzilla Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 3.2 before 3.2.3, 3.3 before 3.3.4, and earlier versions allows remote attackers to hijack the authentication of arbitrary users for requests that use attachment editing. | 6.8 |
2009-03-31 | CVE-2008-6572 | Abledating | SQL Injection vulnerability in Abledating 2.4 SQL injection vulnerability in search_results.php in ABK-Soft AbleDating 2.4 allows remote attackers to execute arbitrary SQL commands via the keyword parameter. | 6.8 |
2009-03-31 | CVE-2008-6569 | Cybozu | Improper Authentication vulnerability in Cybozu Garoon Session fixation vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack web sessions via the session ID in the login page. | 6.8 |
2009-03-31 | CVE-2008-6568 | Yehe | Improper Input Validation vulnerability in Yehe 2.0 Unrestricted file upload vulnerability in Yehe 2.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the envoyer feature. | 6.8 |
2009-03-30 | CVE-2008-6541 | Dotnetnuke | Improper Input Validation vulnerability in Dotnetnuke Unrestricted file upload vulnerability in the file manager module in DotNetNuke before 4.8.2 allows remote administrators to upload arbitrary files and gain privileges to the server via unspecified vectors. | 6.8 |
2009-04-02 | CVE-2009-1230 | Podcast Generator | Code Injection vulnerability in Podcast Generator Podcast Generator Static code injection vulnerability in index.php in Podcast Generator 1.1 and earlier allows remote authenticated administrators to inject arbitrary PHP code into config.php via the recent parameter in a config change action. | 6.5 |
2009-03-30 | CVE-2008-6539 | Holger Schurig | Code Injection vulnerability in Holger Schurig Destar 0.2.25 Static code injection vulnerability in user/settings/ in DeStar 0.2.2-5 allows remote authenticated users to add arbitrary administrators and inject arbitrary Python code into destar_cfg.py via a crafted pin parameter. | 6.5 |
2009-04-03 | CVE-2008-6584 | Torrentflux | Code Injection vulnerability in Torrentflux 2.3 html/index.php in TorrentFlux 2.3 allows remote authenticated users to execute arbitrary code via a URL with a file containing an executable extension in the url_upload parameter, which is downloaded by TorrentFlux and can be accessed via a direct request in a html/downloads/ user directory. | 6.0 |
2009-04-01 | CVE-2009-1211 | Bluecoat | Configuration vulnerability in Bluecoat products Blue Coat ProxySG, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. | 5.8 |
2009-03-31 | CVE-2009-1073 | Debian | Incorrect Permission Assignment for Critical Resource vulnerability in Debian Linux and Nss-Ldap nss-ldapd before 0.6.8 uses world-readable permissions for the /etc/nss-ldapd.conf file, which allows local users to obtain a cleartext password for the LDAP server by reading the bindpw field. | 5.5 |
2009-03-31 | CVE-2009-0892 | IBM | Improper Authentication vulnerability in IBM Websphere Application Server The administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3 allows attackers to hijack user sessions in "specific scenarios" related to a forced logout. | 5.5 |
2009-04-02 | CVE-2009-1222 | Webedition | Path Traversal vulnerability in Webedition 6.0.0.4 Directory traversal vulnerability in index.php in webEdition 6.0.0.4 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via a .. | 5.1 |
2009-03-30 | CVE-2008-6551 | E Vision | Path Traversal vulnerability in E-Vision CMS 1.0 Multiple directory traversal vulnerabilities in e-Vision CMS 2.0.2 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. | 5.1 |
2009-03-30 | CVE-2008-6540 | Dotnetnuke | Permissions, Privileges, and Access Controls vulnerability in Dotnetnuke DotNetNuke before 4.8.2, during installation or upgrade, does not warn the administrator when the default (1) ValidationKey and (2) DecryptionKey values cannot be modified in the web.config file, which allows remote attackers to bypass intended access restrictions by using the default keys. | 5.1 |
2009-04-03 | CVE-2009-1239 | IBM | Information Exposure vulnerability in IBM DB2 9.1 IBM DB2 9.1 before FP7 returns incorrect query results in certain situations related to the order of application of an INNER JOIN predicate and an OUTER JOIN predicate, which might allow attackers to obtain sensitive information via a crafted query. | 5.0 |
2009-04-03 | CVE-2008-6601 | Epona | Information Disclosure vulnerability in Epona 1.5 Unspecified vulnerability in Epona 1.5rc3 allows remote attackers to obtain the real IP address of users via unknown vectors. | 5.0 |
2009-04-03 | CVE-2008-6599 | Jath Pala | Permissions, Privileges, and Access Controls vulnerability in Jath Pala Cookiecheck 1.0 cookiecheck.php in CookieCheck 1.0 stores tmp/cc_sessions under the web root with insufficient access control, which allows remote attackers to obtain session data via a direct request related to the "default session save path." | 5.0 |
2009-04-03 | CVE-2008-6591 | Lightneasy | Code Injection vulnerability in Lightneasy 1.2.2 LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allows remote attackers to create arbitrary files via the page parameter to (1) index.php and (2) LightNEasy.php. | 5.0 |
2009-04-03 | CVE-2008-6590 | Lightneasy Sqlite | Path Traversal vulnerability in multiple products Multiple directory traversal vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to read arbitrary files via a .. | 5.0 |
2009-04-02 | CVE-2009-1223 | Fullrevolution | Permissions, Privileges, and Access Controls vulnerability in Fullrevolution Aspwebcalendar aspWebCalendar Free Edition stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for calendar/calendar.mdb. | 5.0 |
2009-04-02 | CVE-2008-6580 | Funscripts | Permissions, Privileges, and Access Controls vulnerability in Funscripts RED Reservations The Red_Reservations script for ColdFusion stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request to (1) makered.mdb and (2) makered97.mdb. | 5.0 |
2009-04-02 | CVE-2003-1571 | Webwizguide | Permissions, Privileges, and Access Controls vulnerability in Webwizguide Web Wiz Guestbook 6.0/8.21 Web Wiz Guestbook 6.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for database/WWGguestbook.mdb. | 5.0 |
2009-04-01 | CVE-2008-6579 | Nortel | Multiple Security vulnerability in Nortel Cs1000 4.50 Nortel Communication Server 1000 4.50.x allows remote attackers to obtain Web application structure via unknown vectors related to "web resources to phones and administrators." | 5.0 |
2009-04-01 | CVE-2009-1219 | SUN | Improper Input Validation vulnerability in SUN Java System Calendar Server and ONE Calendar Server Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allows remote attackers to cause a denial of service (daemon crash) via multiple requests to the default URI with alphabetic characters in the tzid parameter. | 5.0 |
2009-04-01 | CVE-2009-0790 | Strongswan Xelerance | Improper Input Validation vulnerability in multiple products The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.21 and 2.4 before 2.4.14, and Strongswan 4.2 before 4.2.14 and 2.8 before 2.8.9, allows remote attackers to cause a denial of service (daemon crash and restart) via a crafted (1) R_U_THERE or (2) R_U_THERE_ACK Dead Peer Detection (DPD) IPsec IKE Notification message that triggers a NULL pointer dereference related to inconsistent ISAKMP state and the lack of a phase2 state association in DPD. | 5.0 |
2009-03-31 | CVE-2007-6724 | Vidalia Project Microsoft | Configuration vulnerability in Vidalia-Project Vidalia Bundle Vidalia bundle before 0.1.2.18, when running on Windows, installs Privoxy with a configuration file (config.txt or config) that contains an insecure enable-remote-http-toggle setting, which allows remote attackers to bypass intended access restrictions and modify configuration. | 5.0 |
2009-03-31 | CVE-2007-6722 | Vidalia Project Apple Microsoft | Configuration vulnerability in Vidalia-Project Vidalia Bundle Vidalia bundle before 0.1.2.18, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings, which allows remote attackers to bypass intended access restrictions and modify configuration. | 5.0 |
2009-03-31 | CVE-2005-4880 | JAX Scripts | Permissions, Privileges, and Access Controls vulnerability in JAX Scripts JAX Guestbook 3.1/3.3.1 Jax Guestbook 3.1 and 3.31 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain IP addresses of users via a direct request to (1) guestbook, (2) guestbook_ips2block, (3) ips2block, and (4) formmailer/logfile.csv. | 5.0 |
2009-03-30 | CVE-2008-6549 | Moinmo | Unspecified vulnerability in Moinmo Moinmoin 1.6.1 The password_checker function in config/multiconfig.py in MoinMoin 1.6.1 uses the cracklib and python-crack features even though they are not thread-safe, which allows remote attackers to cause a denial of service (segmentation fault and crash) via unknown vectors. | 5.0 |
2009-03-30 | CVE-2008-6538 | Holger Schurig | Improper Input Validation vulnerability in Holger Schurig Destar 0.2.25 DeStar 0.2.2-5 allows remote attackers to add arbitrary users via a direct request to config/add/CfgOptUser. | 5.0 |
2009-03-30 | CVE-2008-6537 | Lightneasy | Information Exposure vulnerability in Lightneasy 1.2 LightNEasy/lightneasy.php in LightNEasy No database version 1.2 allows remote attackers to obtain the hash of the administrator password via the setup "do" action to LightNEasy.php, which is cleared from $_GET but later accessed using $_REQUEST. | 5.0 |
2009-04-02 | CVE-2009-1237 | Apple | Resource Management Errors vulnerability in Apple Mac OS X and Mac OS X Server Multiple memory leaks in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allow local users to cause a denial of service (kernel memory consumption) via a crafted (1) SYS_add_profil or (2) SYS___mac_getfsstat system call. | 4.9 |
2009-04-01 | CVE-2009-1214 | GNU | Permissions, Privileges, and Access Controls vulnerability in GNU Screen 4.0.3 GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with world-readable permissions, which might allow local users to obtain sensitive session information. | 4.9 |
2009-03-30 | CVE-2008-6542 | Dotnetnuke | Remote vulnerability in DotNetNuke Prior to 4.8.2 Unspecified vulnerability in the Skin Manager in DotNetNuke before 4.8.2 allows remote authenticated administrators to perform "server-side execution of application logic" by uploading a static file that is converted into a dynamic script via unknown vectors related to HTM or HTML files. | 4.6 |
2009-04-01 | CVE-2009-1207 | SUN | Race Condition vulnerability in SUN Opensolaris and Solaris Race condition in the dircmp script in Sun Solaris 8 through 10, and OpenSolaris snv_01 through snv_111, allows local users to overwrite arbitrary files, probably involving a symlink attack on temporary files. | 4.4 |
2009-04-03 | CVE-2008-6600 | Xmlportal | Cross-Site Scripting vulnerability in Xmlportal 3.0 Cross-site scripting (XSS) vulnerability in the search feature in XMLPortal 3.0 allows remote attackers to inject arbitrary web script or HTML via the query parameter. | 4.3 |
2009-04-03 | CVE-2008-6597 | Phpcredo | Cross-Site Scripting vulnerability in PHPcredo Phcdownload 1.1 Cross-site scripting (XSS) vulnerability in upload/install/index.php in PHCDownload 1.1 allows remote attackers to inject arbitrary web script or HTML via the step parameter. | 4.3 |
2009-04-03 | CVE-2008-6589 | Lightneasy Sqlite | Cross-Site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) index.php and (2) LightNEasy.php. | 4.3 |
2009-04-02 | CVE-2009-1234 | Opera | Improper Input Validation vulnerability in Opera Browser 9.52/9.64 Opera 9.64 allows remote attackers to cause a denial of service (application crash) via an XML document containing a long series of start-tags with no corresponding end-tags. | 4.3 |
2009-04-02 | CVE-2009-1233 | Apple Microsoft | Improper Input Validation vulnerability in Apple Safari 3.2.2/4 Apple Safari 3.2.2 and 4 Beta on Windows allows remote attackers to cause a denial of service (application crash) via an XML document containing many nested A elements. | 4.3 |
2009-04-02 | CVE-2009-1232 | Mozilla | Improper Input Validation vulnerability in Mozilla Firefox Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote attackers to cause a denial of service (memory corruption) via an XML document composed of a long series of start-tags with no corresponding end-tags. | 4.3 |
2009-04-02 | CVE-2009-1228 | Arcadwy | Cross-Site Scripting vulnerability in Arcadwy Arcade Script CMS Cross-site scripting (XSS) vulnerability in register.php in Arcadwy Arcade Script CMS allows remote attackers to inject arbitrary web script or HTML via the username field (user_name parameter). | 4.3 |
2009-04-02 | CVE-2009-1225 | Platinumprofitzone | Cross-Site Scripting vulnerability in Platinumprofitzone Turnkey Ebook Store 1.1 Cross-site scripting (XSS) vulnerability in index.php in Turnkey Ebook Store 1.1 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search action. | 4.3 |
2009-04-01 | CVE-2009-1220 | Cisco | Cross-Site Scripting vulnerability in Cisco Adaptive Security Appliance and IOS Cross-site scripting (XSS) vulnerability in +webvpn+/index.html in WebVPN on the Cisco Adaptive Security Appliances (ASA) 5520 with software 7.2(4)30 and earlier 7.2 versions including 7.2(2)22, and 8.0(4)28 and earlier 8.0 versions, when clientless mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the Host HTTP header. | 4.3 |
2009-04-01 | CVE-2009-1218 | SUN | Cross-Site Scripting vulnerability in SUN Java System Calendar Server and ONE Calendar Server Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allow remote attackers to inject arbitrary web script or HTML via (1) the fmt-out parameter to login.wcap or (2) the date parameter to command.shtml. | 4.3 |
2009-04-01 | CVE-2009-1217 | Microsoft | Off-by-one Error vulnerability in Microsoft GDI+ Off-by-one error in the GpFont::SetData function in gdiplus.dll in Microsoft GDI+ on Windows XP allows remote attackers to cause a denial of service (stack corruption and application termination) via a crafted EMF file that triggers an integer overflow, as demonstrated by voltage-exploit.emf, aka the "Microsoft GdiPlus EMF GpFont.SetData integer overflow." | 4.3 |
2009-04-01 | CVE-2009-1204 | Tiki | Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware 2.2 Cross-site scripting (XSS) vulnerability in TikiWiki (Tiki) CMS/Groupware 2.2 allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to (1) tiki-galleries.php, (2) tiki-list_file_gallery.php, (3) tiki-listpages.php, and (4) tiki-orphan_pages.php. | 4.3 |
2009-03-31 | CVE-2009-0842 | Osgeo UMN | Information Exposure vulnerability in multiple products mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to read arbitrary invalid .map files via a full pathname in the map parameter, which triggers the display of partial file contents within an error message, as demonstrated by a /tmp/sekrut.map symlink. | 4.3 |
2009-03-31 | CVE-2004-2762 | IBM | Multiple vulnerability in IBM Tivoli Storage Manager The server in IBM Tivoli Storage Manager (TSM) 4.2.x on MVS, 5.1.9.x before 5.1.9.1, 5.1.x before 5.1.10, 5.2.2.x before 5.2.2.3, 5.2.x before 5.2.3, 5.3.x before 5.3.0, and 6.x before 6.1, when the HTTP communication method is enabled, allows remote attackers to cause a denial of service (daemon crash or hang) via unspecified HTTP traffic, as demonstrated by the IBM port scanner 1.3.1. | 4.3 |
2009-03-31 | CVE-2008-6571 | Linpha | Cross-Site Scripting vulnerability in Linpha Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.4 might allow remote attackers to inject arbitrary web script or HTML via (1) new_images.php, (2) login.php, and unspecified vectors. | 4.3 |
2009-03-31 | CVE-2008-6570 | Cybozu | Cross-Site Scripting vulnerability in Cybozu Garoon Cross-site scripting (XSS) vulnerability in the RSS reader in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via a crafted RSS feed. | 4.3 |
2009-03-31 | CVE-2008-6567 | Gallarific | Cross-Site Scripting vulnerability in Gallarific Multiple cross-site scripting (XSS) vulnerabilities in Gallarific Free Edition allow remote attackers to inject arbitrary web script or HTML via (1) the e-mail address, (2) a comment, which is not properly handled during moderation, and (3) the tag parameter to gallery/tags.php. | 4.3 |
2009-03-31 | CVE-2008-6565 | Invision Power Services | Cross-Site Scripting vulnerability in Invision Power Services Invision Power Board Cross-site scripting (XSS) vulnerability in Invision Power Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via an IFRAME tag in the signature. | 4.3 |
2009-03-31 | CVE-2008-6562 | JAX Scripts | Cross-Site Scripting vulnerability in JAX Scripts JAX Linklists 1.00 Cross-site scripting (XSS) vulnerability in jax_linklists.php in Jack (tR) Jax LinkLists 1.00 allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | 4.3 |
2009-03-31 | CVE-2007-6723 | Anonymityanywhere Apple Microsoft | Configuration vulnerability in Anonymityanywhere Tork 0.22 TorK before 0.22, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings, which allows remote attackers to bypass intended access restrictions and modify configuration. | 4.3 |
2009-03-31 | CVE-2005-4879 | JAX Scripts | Cross-Site Scripting vulnerability in JAX Scripts JAX Guestbook 3.1/3.31 Multiple cross-site scripting (XSS) vulnerabilities in jax_guestbook.php in Jax Guestbook 3.1 and 3.31 allow remote attackers to inject arbitrary web script or HTML via the (1) gmt_ofs and (2) language parameters. | 4.3 |
2009-03-31 | CVE-2009-1175 | Banshee Project | Cross-Site Scripting vulnerability in Banshee-Project Banshee 1.4.2 Cross-site scripting (XSS) vulnerability in apps/web/vs_diag.cgi in the DAAP extension in Banshee 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the server parameter, which is not properly handled in an error message. | 4.3 |
2009-03-30 | CVE-2009-1171 | Moodle | Improper Input Validation vulnerability in Moodle The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a "$$" sequence, which causes LaTeX to include the contents of the file. | 4.3 |
2009-03-30 | CVE-2008-6550 | Davidbourrier | Cross-Site Scripting vulnerability in Davidbourrier Glossaire 2.0 Cross-site scripting (XSS) vulnerability in glossaire.php in Glossaire 2.0 allows remote attackers to inject arbitrary web script or HTML via the letter parameter. | 4.3 |
4 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-03-31 | CVE-2003-1570 | IBM | Improper Authentication vulnerability in IBM Tivoli Storage Manager The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2.1.2, and 6.x before 6.1 does not require credentials to observe the server console in some circumstances, which allows remote authenticated administrators to monitor server operations by establishing a console mode session, related to "session exposure." | 3.5 |
2009-03-31 | CVE-2009-1173 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server 7.0/7.0.0.1 IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3 uses weak permissions (777) for files associated with unspecified "interim fixes," which allows attackers to modify files that would not have been accessible if the intended 755 permissions were used. | 2.1 |
2009-04-01 | CVE-2009-1215 | GNU | Race Condition vulnerability in GNU Screen 4.0.3 Race condition in GNU screen 4.0.3 allows local users to create or overwrite arbitrary files via a symlink attack on the /tmp/screen-exchange temporary file. | 1.9 |
2009-03-31 | CVE-2008-6561 | Citrix Microsoft | Information Exposure vulnerability in Citrix Presentation Server Client 10.200 Citrix Presentation Server Client for Windows before 10.200 does not clear "credential information" from process memory in unspecified circumstances, which might allow local users to gain privileges. | 1.9 |