Weekly Vulnerabilities Reports > March 30 to April 5, 2009

Overview

134 new vulnerabilities reported during this period, including 34 critical vulnerabilities and 29 high severity vulnerabilities. This weekly summary report vulnerabilities in 146 products from 90 vendors including IBM, Microsoft, Apple, Osgeo, and UMN. Vulnerabilities are notably categorized as "Improper Input Validation", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "SQL Injection".

  • 119 reported vulnerabilities are remotely exploitables.
  • 35 reported vulnerabilities have public exploit available.
  • 42 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 125 reported vulnerabilities are exploitable by an anonymous user.
  • IBM has the most reported vulnerabilities, with 10 reported vulnerabilities.
  • IBM has the most reported critical vulnerabilities, with 5 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

34 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-04-04 CVE-2008-6604 Picoflat Path Traversal vulnerability in Picoflat CMS 0.5.9

Directory traversal vulnerability in index.php in PicoFlat CMS 0.5.9 allows remote attackers to include and execute arbitrary local files via a ..

10.0
2009-04-03 CVE-2009-1240 IBM Unspecified vulnerability in IBM products

Unspecified vulnerability in the IBM Proventia engine 4.9.0.0.44 20081231, as used in IBM Proventia Network Mail Security System, Network Mail Security System Virtual Appliance, Desktop Endpoint Security, Network Multi-Function Security (MFS), and possibly other products, allows remote attackers to bypass detection of malware via a modified RAR archive.

10.0
2009-04-03 CVE-2008-6602 Stadtaus Security vulnerability in Stadtaus Download Center Lite 1.6

Unspecified vulnerability in Download Center Lite before 2.1 has unknown impact and attack vectors related to "A minor security fix."

10.0
2009-04-03 CVE-2008-6598 Sangoma Race Condition vulnerability in Sangoma Wanpipe

Multiple race conditions in WANPIPE before 3.3.6 have unknown impact and attack vectors related to "bri restart logic."

10.0
2009-04-03 CVE-2008-6588 Aztech Credentials Management vulnerability in Aztech Adsl2/2+4-Port Router

Aztech ADSL2/2+ 4-port router has a default "isp" account with a default "isp" password, which allows remote attackers to obtain access if this default is not changed.

10.0
2009-04-02 CVE-2009-1236 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Heap-based buffer overflow in the AppleTalk networking stack in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allows remote attackers to cause a denial of service (system crash) via a ZIP NOTIFY (aka ZIPOP_NOTIFY) packet that overwrites a certain ifPort structure member.

10.0
2009-04-02 CVE-2009-1231 IBM Security vulnerability in IBM DB2 Content Manager 8.4.1

Unspecified vulnerability in the eClient in IBM DB2 Content Manager 8.4.1 before 8.4.1.1 has unknown impact and attack vectors.

10.0
2009-04-01 CVE-2008-6578 Nortel Multiple Security vulnerability in Nortel Cs1000 4.50

Multiple unspecified vulnerabilities in Nortel Communication Server 1000 4.50.x allow remote attackers to execute arbitrary commands to gain privileges, obtain sensitive information, or cause a denial of service via unknown vectors.

10.0
2009-04-01 CVE-2008-6577 Nortel Credentials Management vulnerability in Nortel Cs1000 4.50

Nortel MG1000S, Signaling Server, and Call Server on the Communications Server 1000 (CS1K) 4.50.x contain multiple unspecified hard-coded accounts and passwords, which allows remote attackers to gain privileges.

10.0
2009-04-01 CVE-2009-1216 Microsoft Multiple vulnerability in Microsoft Windows Services for UNIX / Subsystem for UNIX-based Applications

Multiple unspecified vulnerabilities in (1) unlzh.c and (2) unpack.c in the gzip libraries in Microsoft Windows Server 2008, Windows Services for UNIX 3.0 and 3.5, and the Subsystem for UNIX-based Applications (SUA); as used in gunzip, gzip, pack, pcat, and unpack 7.x before 7.0.1701.48, 8.x before 8.0.1969.62, and 9.x before 9.0.3790.2076; allow remote attackers to execute arbitrary code via unknown vectors.

10.0
2009-04-01 CVE-2009-1210 Wireshark USE of Externally-Controlled Format String vulnerability in Wireshark

Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name.

10.0
2009-03-31 CVE-2009-1178 IBM Multiple vulnerability in IBM Tivoli Storage Manager 5.3.0/5.3.1/6.0

Unspecified vulnerability in the server in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.2 and 6.x before 6.1 has unknown impact and attack vectors related to the "admin command line."

10.0
2009-03-31 CVE-2009-1177 Osgeo
UMN
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple stack-based buffer overflows in maptemplate.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 have unknown impact and remote attack vectors.

10.0
2009-03-31 CVE-2009-1176 Osgeo
UMN
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 does not ensure that the string holding the id parameter ends in a '\0' character, which allows remote attackers to conduct buffer-overflow attacks or have unspecified other impact via a long id parameter in a query action.

10.0
2009-03-31 CVE-2009-0841 Osgeo
UMN
Path Traversal vulnerability in multiple products

Directory traversal vulnerability in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when running on Windows with Cygwin, allows remote attackers to create arbitrary files via a ..

10.0
2009-03-31 CVE-2009-0840 Osgeo
UMN
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer underflow in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to have an unknown impact via a negative value in the Content-Length HTTP header.

10.0
2009-03-31 CVE-2009-0839 Osgeo
UMN
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Stack-based buffer overflow in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when the server has a map with a long IMAGEPATH or NAME attribute, allows remote attackers to execute arbitrary code via a crafted id parameter in a query action.

10.0
2009-03-31 CVE-2008-6566 Octopussy Unspecified vulnerability in Octopussy

Unspecified vulnerability in Octopussy before 0.9.5.8 has unknown impact and attack vectors related to a "major security" vulnerability.

10.0
2009-03-31 CVE-2009-1174 IBM Cryptographic Issues vulnerability in IBM Websphere Application Server 7.0/7.0.0.1

The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 and 7.0 before 7.0.0.3 has an unspecified "security problem" in the XML digital-signature specification, which has unknown impact and attack vectors.

10.0
2009-03-31 CVE-2009-1172 IBM Improper Input Validation vulnerability in IBM Websphere Application Server

The JAX-RPC WS-Security runtime in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3, when APAR PK41002 is installed, does not properly validate UsernameToken objects, which has unknown impact and attack vectors.

10.0
2009-03-30 CVE-2008-6557 Puppetmaster Improper Input Validation vulnerability in Puppetmaster Webutil 2.7

cgi-bin/webutil.pl in The Puppet Master WebUtil 2.7 allows remote attackers to execute arbitrary commands via shell metacharacters in the details command.

10.0
2009-03-30 CVE-2008-6556 Puppet Master Improper Input Validation vulnerability in Puppet Master Webutil 2.3

cgi-bin/webutil.pl in The Puppet Master WebUtil 2.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the whois command.

10.0
2009-03-30 CVE-2008-6555 Puppetmaster Improper Input Validation vulnerability in Puppetmaster Webutil 2.3/2.7

cgi-bin/webutil.pl in The Puppet Master WebUtil allows remote attackers to execute arbitrary commands via shell metacharacters in the dig command.

10.0
2009-03-30 CVE-2008-6554 Aztech OS Command Injection vulnerability in Aztech Adsl2/2+4-Port Router 3.7.0

cgi-bin/script in Aztech ADSL2/2+ 4-port router 3.7.0 build 070426 allows remote attackers to execute arbitrary commands via shell metacharacters in the query string.

10.0
2009-03-30 CVE-2008-6546 Alecwh Remote Security vulnerability in Alecwh PHPns 2.1.1

Unspecified vulnerability in phpns before 2.1.3 has unknown impact and attack vectors related to "activation permissions."

10.0
2009-03-30 CVE-2008-6536 7 ZIP Archive Handling vulnerability in 7-Zip

Unspecified vulnerability in 7-zip before 4.5.7 has unknown impact and remote attack vectors, as demonstrated by the PROTOS GENOME test suite for Archive Formats (c10).

10.0
2009-03-30 CVE-2007-6721 Bouncycastle Unspecified vulnerability in Bouncycastle products

The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to "a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes."

10.0
2009-04-03 CVE-2009-0556 Microsoft Code Injection vulnerability in Microsoft Office Powerpoint and Powerpoint

Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability."

9.3
2009-04-03 CVE-2008-6583 Bsplayer Buffer Errors vulnerability in Bsplayer Bs.Player 2.27

Buffer overflow in BS.player 2.27 build 959 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .SRT file.

9.3
2009-04-01 CVE-2007-4475 SAP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SAP Sapgui

Stack-based buffer overflow in EAI WebViewer3D ActiveX control (webviewer3d.dll) in SAP AG SAPgui before 7.10 Patch Level 9 allows remote attackers to execute arbitrary code via a long argument to the SaveViewToSessionFile method.

9.3
2009-04-01 CVE-2008-4825 Ezbsystems Buffer Errors vulnerability in Ezbsystems Ultraiso 9.3.1.2633

Multiple buffer overflows in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via a crafted (1) CIF, (2) C2D, or (3) GI file.

9.3
2009-04-01 CVE-2008-3871 Ezbsystems USE of Externally-Controlled Format String vulnerability in Ezbsystems Ultraiso 9.3.1.2633

Multiple format string vulnerabilities in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via format string specifiers in the filename of a (1) DAA or (2) ISZ file.

9.3
2009-04-01 CVE-2009-1209 W3 Buffer Errors vulnerability in W3 Amaya 11.1

Stack-based buffer overflow in W3C Amaya Web Browser 11.1 allows remote attackers to execute arbitrary code via a script tag with a long defer attribute.

9.3
2009-03-31 CVE-2008-6563 Ceruleanstudios Buffer Errors vulnerability in Ceruleanstudios Trillian 3.1.9.0

Buffer overflow in the XML parser in Trillian 3.1.9.0, and possibly earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DTD file.

9.3

29 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-04-01 CVE-2008-6576 Nortel Multiple Security vulnerability in Nortel Cs1000 4.50

Unspecified vulnerability in the "session limitation technique" in the FTP service on Nortel Communications Server 1000 (CS1K) 4.50.x, when running on VGMC or signaling nodes, allows remote attackers to cause a denial of service (resource exhaustion and failed updates) via unknown vectors that causes consumption of all available sessions.

7.8
2009-04-01 CVE-2009-1212 Precisionid Arbitrary File Overwrite vulnerability in PrecisionID Data Matrix Barcode ActiveX Control

Multiple insecure method vulnerabilities in PRECIS~2.DLL in the PrecisionID Datamatrix ActiveX control (DMATRIXLib.Datamatrix) allow remote attackers to overwrite arbitrary files via the (1) SaveBarCode and (2) SaveEnhWMF methods.

7.8
2009-03-31 CVE-2009-0843 Osgeo
UMN
Improper Input Validation vulnerability in multiple products

The msLoadQuery function in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to determine the existence of arbitrary files via a full pathname in the queryfile parameter, which triggers different error messages depending on whether this pathname exists.

7.8
2009-03-30 CVE-2009-0115 Christophe Varoqui
Fedoraproject
Debian
Avaya
Suse
Opensuse
Novell
Juniper
Incorrect Permission Assignment for Critical Resource vulnerability in multiple products

The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.

7.8
2009-03-31 CVE-2008-6564 Nortel Multiple Security vulnerability in Nortel Networks Communication Server 1000

Nortel UNIStim protocol, as used in Communication Server 1000 and other products, uses predictable sequence numbers, which allows remote attackers to hijack sessions via sniffing or brute force attacks.

7.6
2009-04-03 CVE-2009-1241 Clamav Unspecified vulnerability in Clamav

Unspecified vulnerability in ClamAV before 0.95 allows remote attackers to bypass detection of malware via a modified RAR archive.

7.5
2009-04-03 CVE-2008-6596 Phpcredo SQL Injection vulnerability in PHPcredo Phcdownload 1.1

SQL injection vulnerability in admin/index.php in PHCDownload 1.1 allows remote attackers to execute arbitrary SQL commands via the hash parameter.

7.5
2009-04-03 CVE-2008-6595 Typo3 SQL Injection vulnerability in Typo3 PMK Rssnewsexport Extension

SQL injection vulnerability in the pmk_rssnewsexport extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2009-04-03 CVE-2008-6594 Network Publishing SQL Injection vulnerability in Network-Publishing RDF Newsfeed Export

SQL injection vulnerability in the cm_rdfexport extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2009-04-03 CVE-2008-6593 Lightneasy
Sqlite
SQL Injection vulnerability in multiple products

SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy SQLite 1.2.2 and earlier allows remote attackers to inject arbitrary PHP code into comments.dat via the dlid parameter to index.php.

7.5
2009-04-03 CVE-2008-6592 Lightneasy
Sqlite
Path Traversal vulnerability in multiple products

thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cache_dir parameter containing a %00 (encoded null byte).

7.5
2009-04-02 CVE-2009-1229 Arcadwy SQL Injection vulnerability in Arcadwy Arcade Script

SQL injection vulnerability in Arcadwy Arcade Script allows remote attackers to execute arbitrary SQL commands via the user cookie parameter.

7.5
2009-04-02 CVE-2009-1226 Podcast Generator Permissions, Privileges, and Access Controls vulnerability in Podcast Generator Podcast Generator

core/admin/delete.php in Podcast Generator 1.1 and earlier does not properly restrict access to administrative functions, which allows remote attackers to delete arbitrary files via the file parameter.

7.5
2009-04-02 CVE-2009-1224 Scivox SQL Injection vulnerability in Scivox VSP Stats Processor 0.45

SQL injection vulnerability in vsp-core/pub/themes/bismarck/gamestat.php in vsp stats processor 0.45 allows remote attackers to execute arbitrary SQL commands via the gameID parameter.

7.5
2009-04-02 CVE-2008-6582 Miniweb2 SQL Injection vulnerability in Miniweb2 Miniweb 2.0

SQL injection vulnerability in index.php in Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action.

7.5
2009-04-02 CVE-2008-6581 Phpaddedit Improper Authentication vulnerability in PHPaddedit 1.3

login.php in PhpAddEdit 1.3 allows remote attackers to bypass authentication and gain administrative access by setting the addedit cookie parameter.

7.5
2009-04-01 CVE-2008-6574 Avaya Input Validation vulnerability in Avaya SIP Enablement Services (SES) Server

Unspecified vulnerability in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote attackers to gain privileges and cause a denial of service via unknown vectors related to reuse of valid credentials.

7.5
2009-04-01 CVE-2009-1208 Auth2Db
Auth2Dbauth2Db
SQL Injection vulnerability in multiple products

SQL injection vulnerability in auth2db 0.2.5, and possibly other versions before 0.2.7, uses the addslashes function instead of the mysql_real_escape_string function, which allows remote attackers to conduct SQL injection attacks using multibyte character encodings.

7.5
2009-04-01 CVE-2009-1206 Futomi Privilege Escalation vulnerability in Access Analyzer CGI

Unspecified vulnerability in futomi's CGI Cafe Access Analyzer CGI Professional Version 4.11.5 and earlier allows remote attackers to gain administrative privileges via unknown vectors.

7.5
2009-03-31 CVE-2006-7237 Ixprim CMS Code Injection vulnerability in Ixprim-Cms Ixprim 2.0

PHP remote file inclusion vulnerability in mod/nc_phpmyadmin/core/libraries/Theme_Manager.class.php in Ixprim 2.0 allows remote attackers to execute arbitrary PHP code via a URL in an unspecified parameter.

7.5
2009-03-30 CVE-2008-6553 Impliedbydesign Improper Authentication vulnerability in Impliedbydesign Micro-Cms

microcms-admin-home.php in Implied by Design Micro CMS (Micro-CMS) 3.5 (aka 0.3.5) does not require authentication as an administrator, which allows remote attackers to (1) create administrative accounts via an add_admin action, (2) remove administrative accounts via a delete_admin action, and (3) modify administrative passwords via a change_password action.

7.5
2009-03-30 CVE-2008-6547 Formencode Improper Input Validation vulnerability in Formencode 1.0

schema.py in FormEncode for Python (python-formencode) 1.0 does not apply the chained_validators feature, which allows attackers to bypass intended access restrictions via unknown vectors.

7.5
2009-03-30 CVE-2008-6545 Comscripts Code Injection vulnerability in Comscripts web Server Creator web Portal 0.1

PHP remote file inclusion vulnerability in news/include/createdb.php in Web Server Creator Web Portal 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the langfile parameter.

7.5
2009-03-30 CVE-2008-6543 Comscripts Code Injection vulnerability in Comscripts Quick Classifieds 1.0

Multiple PHP remote file inclusion vulnerabilities in ComScripts TEAM Quick Classifieds 1.0 via the DOCUMENT_ROOT parameter to (1) index.php3, (2) locate.php3, (3) search_results.php3, (4) classifieds/index.php3, and (5) classifieds/view.php3; (6) index.php3, (7) manager.php3, (8) pass.php3, (9) remember.php3 (10) sign-up.php3, (11) update.php3, (12) userSet.php3, and (13) verify.php3 in controlcenter/; (14) alterCats.php3, (15) alterFeatured.php3, (16) alterHomepage.php3, (17) alterNews.php3, (18) alterTheme.php3, (19) color_help.php3, (20) createdb.php3, (21) createFeatured.php3, (22) createHomepage.php3, (23) createL.php3, (24) createM.php3, (25) createNews.php3, (26) createP.php3, (27) createS.php3, (28) createT.php3, (29) index.php3, (30) mailadmin.php3, and (31) setUp.php3 in controlpannel/; (32) include/sendit.php3 and (33) include/sendit2.php3; and possibly (34) include/adminHead.inc, (35) include/usersHead.inc, and (36) style/default.scheme.inc.

7.5
2009-04-02 CVE-2009-1238 Apple Race Condition vulnerability in Apple mac OS X and mac OS X Server

Race condition in the HFS vfs sysctl interface in XNU 1228.8.20 and earlier on Apple Mac OS X 10.5.6 and earlier allows local users to cause a denial of service (kernel memory corruption) by simultaneously executing the same HFS_SET_PKG_EXTENSIONS code path in multiple threads, which is problematic because of lack of mutex locking for an unspecified global variable.

7.2
2009-04-02 CVE-2009-1235 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server

XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does not properly restrict interaction between user space and the HFS IOCTL handler, which allows local users to overwrite kernel memory and gain privileges by attaching an HFS+ disk image and performing certain steps involving HFS_GET_BOOT_INFO fcntl calls.

7.2
2009-04-01 CVE-2009-0686 Trendmicro Resource Management Errors vulnerability in Trendmicro Internet Security 2008/2009

The TrendMicro Activity Monitor Module (tmactmon.sys) 2.52.0.1002 in Trend Micro Internet Pro 2008 and 2009, and Security Pro 2008 and 2009, allows local users to gain privileges via a crafted IRP in a METHOD_NEITHER IOCTL request to \Device\tmactmon that overwrites memory.

7.2
2009-03-30 CVE-2008-6559 SCO Improper Input Validation vulnerability in SCO Reliantha and Unixware

Merge mcd in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local users to gain root privileges via a crafted -d argument that contains ..

7.2
2009-03-30 CVE-2008-6558 SCO
Unixware
Improper Input Validation vulnerability in multiple products

Untrusted search path vulnerability in (1) hvdisp and (2) rcvm in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local users to gain root privileges by modifying the RELIANT_PATH environment variable to point to a malicious bin/hvenv program.

7.2

67 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-03-30 CVE-2009-1170 SUN Local Privilege Escalation vulnerability in SUN Opensolaris Snv100/Snv101

Unspecified vulnerability in Sun OpenSolaris snv_100 through snv_101 allows local users, with privileges in a non-global zone, to execute arbitrary code in the global zone when a global-zone user is using mdb on a non-global zone process.

6.9
2009-03-30 CVE-2008-6552 Redhat
Fedoraproject
Link Following vulnerability in multiple products

Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp, involving unspecified components in Resource Group Manager (aka rgmanager) before 2.03.09-1, gfs2-utils before 2.03.09-1, and CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9.

6.9
2009-04-03 CVE-2008-6603 Moinmo Permissions, Privileges, and Access Controls vulnerability in Moinmo Moinmoin 1.6.2/1.7.0

MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability than CVE-2008-1937.

6.8
2009-04-03 CVE-2008-6587 Vuze Cross-Site Request Forgery (CSRF) vulnerability in Vuze 0.7.6

Cross-site request forgery (CSRF) vulnerability in index.tmpl in Vuze (formerly Azureus HTML WebUI), probably 0.7.6, allows remote attackers to hijack the authentication of users for requests that force the download of arbitrary torrent files via the upurl parameter.

6.8
2009-04-03 CVE-2008-6586 Utorrent Cross-Site Request Forgery (CSRF) vulnerability in Utorrent Webui 0.315

Cross-site request forgery (CSRF) vulnerability in gui/index.php in µTorrent (uTorrent) WebUI 0.315 allows remote attackers to (1) hijack the authentication of users for requests that force the download of arbitrary torrent files via the add-url action and (2) hijack the authentication of administrators for requests that modify the administrator account via the setsetting action.

6.8
2009-04-03 CVE-2008-6585 Torrentflux Cross-Site Request Forgery (CSRF) vulnerability in Torrentflux 2.3

Cross-site request forgery (CSRF) vulnerability in html/admin.php in TorrentFlux 2.3 allows remote attackers to hijack the authentication of administrators for requests that add new accounts via the addUser action.

6.8
2009-04-01 CVE-2008-6575 Avaya Unspecified vulnerability in Avaya Communication Manager

Unspecified vulnerability in the SIP server in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote authenticated users to cause a denial of service (resource consumption) via unknown vectors.

6.8
2009-04-01 CVE-2008-6573 Avaya SQL Injection vulnerability in Avaya Communication Manager

Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles in the SIP Personal Information Manager (SPIM) in the web interface; and allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to (2) permissions for SPIM profiles in the web interface and (3) a crafted SIP request to the SIP server.

6.8
2009-04-01 CVE-2009-1213 Mozilla Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Bugzilla

Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 3.2 before 3.2.3, 3.3 before 3.3.4, and earlier versions allows remote attackers to hijack the authentication of arbitrary users for requests that use attachment editing.

6.8
2009-03-31 CVE-2008-6572 Abledating SQL Injection vulnerability in Abledating 2.4

SQL injection vulnerability in search_results.php in ABK-Soft AbleDating 2.4 allows remote attackers to execute arbitrary SQL commands via the keyword parameter.

6.8
2009-03-31 CVE-2008-6569 Cybozu Improper Authentication vulnerability in Cybozu Garoon

Session fixation vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack web sessions via the session ID in the login page.

6.8
2009-03-31 CVE-2008-6568 Yehe Improper Input Validation vulnerability in Yehe 2.0

Unrestricted file upload vulnerability in Yehe 2.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the envoyer feature.

6.8
2009-03-30 CVE-2008-6541 Dotnetnuke Improper Input Validation vulnerability in Dotnetnuke

Unrestricted file upload vulnerability in the file manager module in DotNetNuke before 4.8.2 allows remote administrators to upload arbitrary files and gain privileges to the server via unspecified vectors.

6.8
2009-04-02 CVE-2009-1230 Podcast Generator Code Injection vulnerability in Podcast Generator Podcast Generator

Static code injection vulnerability in index.php in Podcast Generator 1.1 and earlier allows remote authenticated administrators to inject arbitrary PHP code into config.php via the recent parameter in a config change action.

6.5
2009-03-30 CVE-2008-6539 Holger Schurig Code Injection vulnerability in Holger Schurig Destar 0.2.25

Static code injection vulnerability in user/settings/ in DeStar 0.2.2-5 allows remote authenticated users to add arbitrary administrators and inject arbitrary Python code into destar_cfg.py via a crafted pin parameter.

6.5
2009-04-03 CVE-2008-6584 Torrentflux Code Injection vulnerability in Torrentflux 2.3

html/index.php in TorrentFlux 2.3 allows remote authenticated users to execute arbitrary code via a URL with a file containing an executable extension in the url_upload parameter, which is downloaded by TorrentFlux and can be accessed via a direct request in a html/downloads/ user directory.

6.0
2009-04-01 CVE-2009-1211 Bluecoat Configuration vulnerability in Bluecoat products

Blue Coat ProxySG, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.

5.8
2009-03-31 CVE-2009-1073 Debian Incorrect Permission Assignment for Critical Resource vulnerability in Debian Linux and Nss-Ldap

nss-ldapd before 0.6.8 uses world-readable permissions for the /etc/nss-ldapd.conf file, which allows local users to obtain a cleartext password for the LDAP server by reading the bindpw field.

5.5
2009-03-31 CVE-2009-0892 IBM Improper Authentication vulnerability in IBM Websphere Application Server

The administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3 allows attackers to hijack user sessions in "specific scenarios" related to a forced logout.

5.5
2009-04-02 CVE-2009-1222 Webedition Path Traversal vulnerability in Webedition 6.0.0.4

Directory traversal vulnerability in index.php in webEdition 6.0.0.4 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via a ..

5.1
2009-03-30 CVE-2008-6551 E Vision Path Traversal vulnerability in E-Vision CMS 1.0

Multiple directory traversal vulnerabilities in e-Vision CMS 2.0.2 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a ..

5.1
2009-03-30 CVE-2008-6540 Dotnetnuke Permissions, Privileges, and Access Controls vulnerability in Dotnetnuke

DotNetNuke before 4.8.2, during installation or upgrade, does not warn the administrator when the default (1) ValidationKey and (2) DecryptionKey values cannot be modified in the web.config file, which allows remote attackers to bypass intended access restrictions by using the default keys.

5.1
2009-04-03 CVE-2009-1239 IBM Information Exposure vulnerability in IBM DB2 9.1

IBM DB2 9.1 before FP7 returns incorrect query results in certain situations related to the order of application of an INNER JOIN predicate and an OUTER JOIN predicate, which might allow attackers to obtain sensitive information via a crafted query.

5.0
2009-04-03 CVE-2008-6601 Epona Information Disclosure vulnerability in Epona 1.5

Unspecified vulnerability in Epona 1.5rc3 allows remote attackers to obtain the real IP address of users via unknown vectors.

5.0
2009-04-03 CVE-2008-6599 Jath Pala Permissions, Privileges, and Access Controls vulnerability in Jath Pala Cookiecheck 1.0

cookiecheck.php in CookieCheck 1.0 stores tmp/cc_sessions under the web root with insufficient access control, which allows remote attackers to obtain session data via a direct request related to the "default session save path."

5.0
2009-04-03 CVE-2008-6591 Lightneasy Code Injection vulnerability in Lightneasy 1.2.2

LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allows remote attackers to create arbitrary files via the page parameter to (1) index.php and (2) LightNEasy.php.

5.0
2009-04-03 CVE-2008-6590 Lightneasy
Sqlite
Path Traversal vulnerability in multiple products

Multiple directory traversal vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to read arbitrary files via a ..

5.0
2009-04-02 CVE-2009-1223 Fullrevolution Permissions, Privileges, and Access Controls vulnerability in Fullrevolution Aspwebcalendar

aspWebCalendar Free Edition stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for calendar/calendar.mdb.

5.0
2009-04-02 CVE-2008-6580 Funscripts Permissions, Privileges, and Access Controls vulnerability in Funscripts RED Reservations

The Red_Reservations script for ColdFusion stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request to (1) makered.mdb and (2) makered97.mdb.

5.0
2009-04-02 CVE-2003-1571 Webwizguide Permissions, Privileges, and Access Controls vulnerability in Webwizguide web WIZ Guestbook 6.0/8.21

Web Wiz Guestbook 6.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for database/WWGguestbook.mdb.

5.0
2009-04-01 CVE-2008-6579 Nortel Multiple Security vulnerability in Nortel Cs1000 4.50

Nortel Communication Server 1000 4.50.x allows remote attackers to obtain Web application structure via unknown vectors related to "web resources to phones and administrators."

5.0
2009-04-01 CVE-2009-1219 SUN Improper Input Validation vulnerability in SUN Java System Calendar Server and ONE Calendar Server

Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allows remote attackers to cause a denial of service (daemon crash) via multiple requests to the default URI with alphabetic characters in the tzid parameter.

5.0
2009-04-01 CVE-2009-0790 Strongswan
Xelerance
Improper Input Validation vulnerability in multiple products

The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.21 and 2.4 before 2.4.14, and Strongswan 4.2 before 4.2.14 and 2.8 before 2.8.9, allows remote attackers to cause a denial of service (daemon crash and restart) via a crafted (1) R_U_THERE or (2) R_U_THERE_ACK Dead Peer Detection (DPD) IPsec IKE Notification message that triggers a NULL pointer dereference related to inconsistent ISAKMP state and the lack of a phase2 state association in DPD.

5.0
2009-03-31 CVE-2007-6724 Vidalia Project
Microsoft
Configuration vulnerability in Vidalia-Project Vidalia Bundle

Vidalia bundle before 0.1.2.18, when running on Windows, installs Privoxy with a configuration file (config.txt or config) that contains an insecure enable-remote-http-toggle setting, which allows remote attackers to bypass intended access restrictions and modify configuration.

5.0
2009-03-31 CVE-2007-6722 Vidalia Project
Apple
Microsoft
Configuration vulnerability in Vidalia-Project Vidalia Bundle

Vidalia bundle before 0.1.2.18, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings, which allows remote attackers to bypass intended access restrictions and modify configuration.

5.0
2009-03-31 CVE-2005-4880 JAX Scripts Permissions, Privileges, and Access Controls vulnerability in JAX Scripts JAX Guestbook 3.1/3.3.1

Jax Guestbook 3.1 and 3.31 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain IP addresses of users via a direct request to (1) guestbook, (2) guestbook_ips2block, (3) ips2block, and (4) formmailer/logfile.csv.

5.0
2009-03-30 CVE-2008-6549 Moinmo Unspecified vulnerability in Moinmo Moinmoin 1.6.1

The password_checker function in config/multiconfig.py in MoinMoin 1.6.1 uses the cracklib and python-crack features even though they are not thread-safe, which allows remote attackers to cause a denial of service (segmentation fault and crash) via unknown vectors.

5.0
2009-03-30 CVE-2008-6538 Holger Schurig Improper Input Validation vulnerability in Holger Schurig Destar 0.2.25

DeStar 0.2.2-5 allows remote attackers to add arbitrary users via a direct request to config/add/CfgOptUser.

5.0
2009-03-30 CVE-2008-6537 Lightneasy Information Exposure vulnerability in Lightneasy 1.2

LightNEasy/lightneasy.php in LightNEasy No database version 1.2 allows remote attackers to obtain the hash of the administrator password via the setup "do" action to LightNEasy.php, which is cleared from $_GET but later accessed using $_REQUEST.

5.0
2009-04-02 CVE-2009-1237 Apple Resource Management Errors vulnerability in Apple mac OS X and mac OS X Server

Multiple memory leaks in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allow local users to cause a denial of service (kernel memory consumption) via a crafted (1) SYS_add_profil or (2) SYS___mac_getfsstat system call.

4.9
2009-04-01 CVE-2009-1214 GNU Permissions, Privileges, and Access Controls vulnerability in GNU Screen 4.0.3

GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with world-readable permissions, which might allow local users to obtain sensitive session information.

4.9
2009-03-30 CVE-2008-6542 Dotnetnuke Remote vulnerability in DotNetNuke Prior to 4.8.2

Unspecified vulnerability in the Skin Manager in DotNetNuke before 4.8.2 allows remote authenticated administrators to perform "server-side execution of application logic" by uploading a static file that is converted into a dynamic script via unknown vectors related to HTM or HTML files.

4.6
2009-04-01 CVE-2009-1207 SUN Race Condition vulnerability in SUN Opensolaris and Solaris

Race condition in the dircmp script in Sun Solaris 8 through 10, and OpenSolaris snv_01 through snv_111, allows local users to overwrite arbitrary files, probably involving a symlink attack on temporary files.

4.4
2009-04-03 CVE-2008-6600 Xmlportal Cross-Site Scripting vulnerability in Xmlportal 3.0

Cross-site scripting (XSS) vulnerability in the search feature in XMLPortal 3.0 allows remote attackers to inject arbitrary web script or HTML via the query parameter.

4.3
2009-04-03 CVE-2008-6597 Phpcredo Cross-Site Scripting vulnerability in PHPcredo Phcdownload 1.1

Cross-site scripting (XSS) vulnerability in upload/install/index.php in PHCDownload 1.1 allows remote attackers to inject arbitrary web script or HTML via the step parameter.

4.3
2009-04-03 CVE-2008-6589 Lightneasy
Sqlite
Cross-Site Scripting vulnerability in multiple products

Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) index.php and (2) LightNEasy.php.

4.3
2009-04-02 CVE-2009-1234 Opera Improper Input Validation vulnerability in Opera Browser 9.52/9.64

Opera 9.64 allows remote attackers to cause a denial of service (application crash) via an XML document containing a long series of start-tags with no corresponding end-tags.

4.3
2009-04-02 CVE-2009-1233 Apple
Microsoft
Improper Input Validation vulnerability in Apple Safari 3.2.2/4

Apple Safari 3.2.2 and 4 Beta on Windows allows remote attackers to cause a denial of service (application crash) via an XML document containing many nested A elements.

4.3
2009-04-02 CVE-2009-1232 Mozilla Improper Input Validation vulnerability in Mozilla Firefox

Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote attackers to cause a denial of service (memory corruption) via an XML document composed of a long series of start-tags with no corresponding end-tags.

4.3
2009-04-02 CVE-2009-1228 Arcadwy Cross-Site Scripting vulnerability in Arcadwy Arcade Script CMS

Cross-site scripting (XSS) vulnerability in register.php in Arcadwy Arcade Script CMS allows remote attackers to inject arbitrary web script or HTML via the username field (user_name parameter).

4.3
2009-04-02 CVE-2009-1225 Platinumprofitzone Cross-Site Scripting vulnerability in Platinumprofitzone Turnkey Ebook Store 1.1

Cross-site scripting (XSS) vulnerability in index.php in Turnkey Ebook Store 1.1 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search action.

4.3
2009-04-01 CVE-2009-1220 Cisco Cross-Site Scripting vulnerability in Cisco Adaptive Security Appliance and IOS

Cross-site scripting (XSS) vulnerability in +webvpn+/index.html in WebVPN on the Cisco Adaptive Security Appliances (ASA) 5520 with software 7.2(4)30 and earlier 7.2 versions including 7.2(2)22, and 8.0(4)28 and earlier 8.0 versions, when clientless mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the Host HTTP header.

4.3
2009-04-01 CVE-2009-1218 SUN Cross-Site Scripting vulnerability in SUN Java System Calendar Server and ONE Calendar Server

Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allow remote attackers to inject arbitrary web script or HTML via (1) the fmt-out parameter to login.wcap or (2) the date parameter to command.shtml.

4.3
2009-04-01 CVE-2009-1217 Microsoft Off-by-one Error vulnerability in Microsoft Gdi+

Off-by-one error in the GpFont::SetData function in gdiplus.dll in Microsoft GDI+ on Windows XP allows remote attackers to cause a denial of service (stack corruption and application termination) via a crafted EMF file that triggers an integer overflow, as demonstrated by voltage-exploit.emf, aka the "Microsoft GdiPlus EMF GpFont.SetData integer overflow."

4.3
2009-04-01 CVE-2009-1204 Tiki Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware 2.2

Cross-site scripting (XSS) vulnerability in TikiWiki (Tiki) CMS/Groupware 2.2 allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to (1) tiki-galleries.php, (2) tiki-list_file_gallery.php, (3) tiki-listpages.php, and (4) tiki-orphan_pages.php.

4.3
2009-03-31 CVE-2009-0842 Osgeo
UMN
Information Exposure vulnerability in multiple products

mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to read arbitrary invalid .map files via a full pathname in the map parameter, which triggers the display of partial file contents within an error message, as demonstrated by a /tmp/sekrut.map symlink.

4.3
2009-03-31 CVE-2004-2762 IBM Multiple vulnerability in IBM Tivoli Storage Manager

The server in IBM Tivoli Storage Manager (TSM) 4.2.x on MVS, 5.1.9.x before 5.1.9.1, 5.1.x before 5.1.10, 5.2.2.x before 5.2.2.3, 5.2.x before 5.2.3, 5.3.x before 5.3.0, and 6.x before 6.1, when the HTTP communication method is enabled, allows remote attackers to cause a denial of service (daemon crash or hang) via unspecified HTTP traffic, as demonstrated by the IBM port scanner 1.3.1.

4.3
2009-03-31 CVE-2008-6571 Linpha Cross-Site Scripting vulnerability in Linpha

Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.4 might allow remote attackers to inject arbitrary web script or HTML via (1) new_images.php, (2) login.php, and unspecified vectors.

4.3
2009-03-31 CVE-2008-6570 Cybozu Cross-Site Scripting vulnerability in Cybozu Garoon

Cross-site scripting (XSS) vulnerability in the RSS reader in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via a crafted RSS feed.

4.3
2009-03-31 CVE-2008-6567 Gallarific Cross-Site Scripting vulnerability in Gallarific

Multiple cross-site scripting (XSS) vulnerabilities in Gallarific Free Edition allow remote attackers to inject arbitrary web script or HTML via (1) the e-mail address, (2) a comment, which is not properly handled during moderation, and (3) the tag parameter to gallery/tags.php.

4.3
2009-03-31 CVE-2008-6565 Invision Power Services Cross-Site Scripting vulnerability in Invision Power Services Invision Power Board

Cross-site scripting (XSS) vulnerability in Invision Power Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via an IFRAME tag in the signature.

4.3
2009-03-31 CVE-2008-6562 JAX Scripts Cross-Site Scripting vulnerability in JAX Scripts JAX Linklists 1.00

Cross-site scripting (XSS) vulnerability in jax_linklists.php in Jack (tR) Jax LinkLists 1.00 allows remote attackers to inject arbitrary web script or HTML via the cat parameter.

4.3
2009-03-31 CVE-2007-6723 Anonymityanywhere
Apple
Microsoft
Configuration vulnerability in Anonymityanywhere Tork 0.22

TorK before 0.22, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings, which allows remote attackers to bypass intended access restrictions and modify configuration.

4.3
2009-03-31 CVE-2005-4879 JAX Scripts Cross-Site Scripting vulnerability in JAX Scripts JAX Guestbook 3.1/3.31

Multiple cross-site scripting (XSS) vulnerabilities in jax_guestbook.php in Jax Guestbook 3.1 and 3.31 allow remote attackers to inject arbitrary web script or HTML via the (1) gmt_ofs and (2) language parameters.

4.3
2009-03-31 CVE-2009-1175 Banshee Project Cross-Site Scripting vulnerability in Banshee-Project Banshee 1.4.2

Cross-site scripting (XSS) vulnerability in apps/web/vs_diag.cgi in the DAAP extension in Banshee 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the server parameter, which is not properly handled in an error message.

4.3
2009-03-30 CVE-2009-1171 Moodle Improper Input Validation vulnerability in Moodle

The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a "$$" sequence, which causes LaTeX to include the contents of the file.

4.3
2009-03-30 CVE-2008-6550 Davidbourrier Cross-Site Scripting vulnerability in Davidbourrier Glossaire 2.0

Cross-site scripting (XSS) vulnerability in glossaire.php in Glossaire 2.0 allows remote attackers to inject arbitrary web script or HTML via the letter parameter.

4.3

4 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-03-31 CVE-2003-1570 IBM Improper Authentication vulnerability in IBM Tivoli Storage Manager

The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2.1.2, and 6.x before 6.1 does not require credentials to observe the server console in some circumstances, which allows remote authenticated administrators to monitor server operations by establishing a console mode session, related to "session exposure."

3.5
2009-03-31 CVE-2009-1173 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server 7.0/7.0.0.1

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3 uses weak permissions (777) for files associated with unspecified "interim fixes," which allows attackers to modify files that would not have been accessible if the intended 755 permissions were used.

2.1
2009-04-01 CVE-2009-1215 GNU Race Condition vulnerability in GNU Screen 4.0.3

Race condition in GNU screen 4.0.3 allows local users to create or overwrite arbitrary files via a symlink attack on the /tmp/screen-exchange temporary file.

1.9
2009-03-31 CVE-2008-6561 Citrix
Microsoft
Information Exposure vulnerability in Citrix Presentation Server Client 10.200

Citrix Presentation Server Client for Windows before 10.200 does not clear "credential information" from process memory in unspecified circumstances, which might allow local users to gain privileges.

1.9