Weekly Vulnerabilities Reports > April 6 to 12, 2009

Overview

169 new vulnerabilities were reported during this period, including 12 critical vulnerabilities and 67 high severity vulnerabilities. This weekly summary reports vulnerabilities in 152 products from 114 vendors including Typo3, Vmware, Linux, Cisco, and Apache. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", and "Numeric Errors".

  • 158 reported vulnerabilities are remotely exploitable.
  • 59 reported vulnerabilities have a public exploit available.
  • 85 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 160 reported vulnerabilities are exploitable by an anonymous user.
  • Typo3 has the most reported vulnerabilities, with 17 reported vulnerabilities.
  • Avaya has the most reported critical vulnerabilities, with 4 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:

12 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-04-10 CVE-2008-6703 Stalker Game Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Stalker-Game S.T.A.L.K.E.R.: Shadow of Chernobyl

Stack-based buffer overflow in the IPureServer::_Recieve function in S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote attackers to execute arbitrary code via a compressed 0x39 packet, which is decompressed by the NET_Compressor::Decompress function.

10.0
2009-04-09 CVE-2009-1251 Unix, Openafs Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Unix platforms allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via an RX response containing more data than specified in a request, related to use of XDR arrays.

10.0
2009-04-09 CVE-2009-0846 MIT Improper Input Validation vulnerability in MIT Kerberos and Kerberos 5

The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.

10.0
2009-04-07 CVE-2008-6651 Oxyproject Code Injection vulnerability in Oxyproject Oxybox 0.85

Static code injection vulnerability in edithistory.php in OxYProject OxYBox 0.85 allows remote attackers to inject arbitrary PHP code into oxyhistory.php via the oxymsg parameter.

10.0
2009-04-09 CVE-2009-0197 Irfanview Numeric Errors vulnerability in Irfanview Formats 4.00/4.10/4.20

Integer overflow in the FORMATS Plugin before 4.23 for IrfanView allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large XPM file that triggers a heap-based buffer overflow.

9.3
2009-04-07 CVE-2009-1260 Ezbsystems Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ezbsystems Ultraiso

Multiple stack-based buffer overflows in UltraISO 9.3.3.2685 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted (1) CCD or (2) IMG file.

9.3
2009-04-06 CVE-2009-0909 Vmware Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in VMWare products

Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows remote attackers to execute arbitrary code via a crafted web page or video file, aka ZDI-CAN-435.

9.3
2009-04-10 CVE-2008-6711 Avaya Multiple Security vulnerability in Avaya Communication Manager

Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated users to execute arbitrary commands via unknown vectors related to "viewing system logs."

9.0
2009-04-10 CVE-2008-6710 Avaya Multiple Security vulnerability in Avaya Communication Manager

Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated administrators to gain root privileges via unknown vectors related to "configuring data viewing or restoring credentials."

9.0
2009-04-10 CVE-2008-6709 Avaya Multiple Security vulnerability in Avaya Communication Manager and SIP Enablement Services

Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allows remote authenticated users to execute arbitrary commands via unknown vectors related to configuration of "local data viewing or restoring parameters."

9.0
2009-04-10 CVE-2008-6708 Avaya Multiple Security vulnerability in Avaya Communication Manager and SIP Enablement Services

Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x and 4.x, allows remote authenticated administrators to gain root privileges via unknown vectors related to configuration of "data viewing or restoring parameters."

9.0
2009-04-07 CVE-2009-1257 Magic ISO Maker Buffer Errors vulnerability in Magic ISO Maker Magic ISO Maker 5.5

Heap-based buffer overflow in Magic ISO Maker 5.5 build 0274 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted CCD file.

9.0

67 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-04-07 CVE-2008-6638 Versalsoft Configuration vulnerability in Versalsoft Http File Upload Activex Control 6.0.0.35

Insecure method vulnerability in the Versalsoft HTTP Image Uploader ActiveX control (UUploaderSvrD.dll 6.0.0.35) allows remote attackers to delete arbitrary files via the RemoveFileOrDir method.

8.8
2009-04-10 CVE-2008-6706 Avaya Multiple Security vulnerability in Avaya Communication Manager and SIP Enablement Services

Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords, (3) a system utility that decrypts "subscriber table passwords," (4) a system utility that decrypts database passwords, and (5) a system utility that encrypts "subscriber table passwords."

7.8
2009-04-09 CVE-2009-1159 Cisco Unspecified vulnerability in Cisco Adaptive Security Appliance 5500 and PIX

Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.2 before 7.2(4)26, 8.0 before 8.0(4)22, and 8.1 before 8.1(2)12, when SQL*Net inspection is enabled, allows remote attackers to cause a denial of service (traceback and device reload) via a series of SQL*Net packets.

7.8
2009-04-09 CVE-2009-1158 Cisco Unspecified vulnerability in Cisco Adaptive Security Appliance 5500 and PIX

Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series devices 7.0 before 7.0(8)6, 7.1 before 7.1(2)82, 7.2 before 7.2(4)26, 8.0 before 8.0(4)24, and 8.1 before 8.1(2)14, when H.323 inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted H.323 packet.

7.8
2009-04-09 CVE-2009-1157 Cisco Unspecified vulnerability in Cisco Adaptive Security Appliance 5500 and PIX

Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)6, 7.1 before 7.1(2)82, 7.2 before 7.2(4)30, 8.0 before 8.0(4)28, and 8.1 before 8.1(2)19 allows remote attackers to cause a denial of service (memory consumption or device reload) via a crafted TCP packet.

7.8
2009-04-09 CVE-2009-1155 Cisco Improper Authentication vulnerability in Cisco Adaptive Security Appliance 5500 and PIX

Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.1(1) through 7.1(2)82, 7.2 before 7.2(4)27, 8.0 before 8.0(4)25, and 8.1 before 8.1(2)15, when AAA override-account-disable is entered in a general-attributes field, allow remote attackers to bypass authentication and establish a VPN session to an ASA device via unspecified vectors.

7.8
2009-04-09 CVE-2009-1250 IBM, Openafs, Linux Numeric Errors vulnerability in multiple products

The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58, and IBM AFS 3.6 before Patch 19, on Linux allows remote attackers to cause a denial of service (system crash) via an RX response with a large error-code value that is interpreted as a pointer and dereferenced, related to use of the ERR_PTR macro.

7.8
2009-04-08 CVE-2009-1270 Cclamav, Clamav, Clamavclamav, Clamavs Code Injection vulnerability in clamav

libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (infinite loop) via a crafted TAR file that causes (1) clamd and (2) clamscan to hang.

7.8
2009-04-07 CVE-2008-6630 Typo3 Path Traversal vulnerability in Typo3 WT Gallery

Directory traversal vulnerability in the wt_gallery extension 2.5.0 and earlier for TYPO3 allows remote attackers to read arbitrary image files and determine directory structure via unspecified vectors.

7.8
2009-04-06 CVE-2008-6621 Graphicsmagick Unspecified vulnerability in Graphicsmagick

Unspecified vulnerability in GraphicsMagick before 1.2.3 allows remote attackers to cause a denial of service (crash) via unspecified vectors in DPX images.

7.8
2009-04-10 CVE-2008-6714 Xecms Project Improper Authentication vulnerability in Xecms Project Xecms 1.0.0

admin.php in xeCMS 1.0.0 RC2 and earlier allows remote attackers to bypass authentication and access the admin panel by setting the xecms_username cookie.

7.5
2009-04-10 CVE-2008-6701 Netscout Permissions, Privileges, and Access Controls vulnerability in Netscout Ngenius Infinistream and Visualizer

NetScout (formerly Network General) Visualizer V2100 and InfiniStream i1730 do not restrict access to ResourceManager/en_US/domains/add_domain.jsp, which allows remote attackers to gain administrator privileges via a direct request.

7.5
2009-04-10 CVE-2008-6697 Typo3, Michael Fritz SQL Injection vulnerability in Michael Fritz Worldcup

SQL injection vulnerability in TARGET-E WorldCup Bets (worldcup) 2.0.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

7.5
2009-04-10 CVE-2008-6696 Typo3, Manu Oehler SQL Injection vulnerability in Manu Oehler Toto 0.1.0

SQL injection vulnerability in Fussballtippspiel (toto) 0.1.1 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

7.5
2009-04-10 CVE-2008-6695 Typo3, Frank Naegler SQL Injection vulnerability in Frank Naegler Timtab Sociable

SQL injection vulnerability in TIMTAB social bookmark icons (timtab_sociable) 2.0.4 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

7.5
2009-04-10 CVE-2008-6694 Typo3, FR Simon Rundell SQL Injection vulnerability in Fr.Simon Rundell STE Prayer 0.0.1

SQL injection vulnerability in Random Prayer (ste_prayer) 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

7.5
2009-04-10 CVE-2008-6693 Typo3, Sebastian Baumann SQL Injection vulnerability in Sebastian Baumann SB Downloader

SQL injection vulnerability in Download system (sb_downloader) extension 0.1.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

7.5
2009-04-10 CVE-2008-6692 Typo3, FR Simon Rundell SQL Injection vulnerability in Fr.Simon Rundell PD Trainingcourses 0.1.1

SQL injection vulnerability in Diocese of Portsmouth Training Courses (pd_trainingcourses) extension 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

7.5
2009-04-10 CVE-2008-6691 Typo3, Diocese OF Portsmouth SQL Injection vulnerability in Diocese of Portsmouth PD Calendar Today 0.0.3

SQL injection vulnerability in Diocese of Portsmouth Calendar Today (pd_calendar_today) extension 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

7.5
2009-04-10 CVE-2008-6690 Typo3 Setting Manipulation vulnerability in Typo3 ND Antispam 1.0.3

Unspecified vulnerability in nepa-design.de Spam Protection (nd_antispam) extension 1.0.3 for TYPO3 allows remote attackers to modify configuration via unknown vectors.

7.5
2009-04-10 CVE-2008-6689 Typo3, Kevin Renskers SQL Injection vulnerability in Kevin Renskers Dmmjobcontrol

SQL injection vulnerability in JobControl (dmmjobcontrol) 1.15.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

7.5
2009-04-10 CVE-2008-6686 Typo3, JAN Bednarik SQL Injection vulnerability in JAN Bednarik Cooluri

SQL injection vulnerability in CoolURI (cooluri) 1.0.11 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

7.5
2009-04-10 CVE-2008-6685 Typo3, Thomas Waggershauser Code Execution vulnerability in TYPO3 Frontend Filemanager Extension

Unspecified vulnerability in Frontend Filemanager (air_filemanager) 0.6.1 and earlier extension for TYPO3 allows remote attackers to execute arbitrary commands via unknown vectors.

7.5
2009-04-09 CVE-2009-1282 Glfusion SQL Injection vulnerability in Glfusion

SQL injection vulnerability in private/system/lib-session.php in glFusion 1.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the glf_session cookie parameter.

7.5
2009-04-09 CVE-2009-1278 Gravityboardx Code Injection vulnerability in Gravityboardx Gravity Board X 2.0

Static code injection vulnerability in forms/ajax/configure.php in Gravity Board X (GBX) 2.0 BETA allows remote attackers to inject arbitrary PHP code into config.php via the configure action to index.php.

7.5
2009-04-09 CVE-2009-1277 Gravityboardx SQL Injection vulnerability in Gravityboardx Gravity Board X 2.0

SQL injection vulnerability in index.php in Gravity Board X (GBX) 2.0 BETA allows remote attackers to execute arbitrary SQL commands via the member_id parameter in a viewprofile action.

7.5
2009-04-08 CVE-2007-6725 Ghostscript Buffer Errors vulnerability in Ghostscript 8.61

The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file that triggers a buffer underflow in the cf_decode_2d function.

7.5
2009-04-08 CVE-2008-6678 Quickersite SQL Injection vulnerability in Quickersite 1.8.5

SQL injection vulnerability in asp/includes/contact.asp in QuickerSite 1.8.5 allows remote attackers to execute arbitrary SQL commands via the sNickName parameter in a profile action to default.asp.

7.5
2009-04-08 CVE-2008-6677 Quickersite Code Injection vulnerability in Quickersite 1.8.5

Unrestricted file upload vulnerability in fckeditor251/editor/filemanager/connectors/asp/upload.asp in QuickerSite 1.8.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file.

7.5
2009-04-08 CVE-2008-6673 Quickersite Permissions, Privileges, and Access Controls vulnerability in Quickersite 1.8.5

asp/bs_login.asp in QuickerSite 1.8.5 does not properly restrict access to administrative functionality, which allows remote attackers to (1) change the admin password via the cSaveAdminPW action; (2) modify site information, such as the contact address, via the saveAdmin; and (3) modify the site design via the saveDesign action.

7.5
2009-04-08 CVE-2008-6669 Dirk Bartley OS Command Injection vulnerability in Dirk Bartley Nweb2Fax

viewrq.php in nweb2fax 0.2.7 and earlier allows remote attackers to execute arbitrary code via shell metacharacters in the var_filename parameter in a (1) tif or (2) pdf format action.

7.5
2009-04-08 CVE-2008-6667 Marc Melvin Improper Authentication vulnerability in Marc Melvin A+ PHP Scripts News Management System

A+ PHP Scripts News Management System (NMS) allows remote attackers to bypass authentication and gain administrator privileges by setting the mobsuser and mobspass cookies to 1.

7.5
2009-04-08 CVE-2008-6664 Yarck Improper Authentication vulnerability in Yarck Sh-News 3.0

action.php in SH-News 3.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the shuser and shpass cookies to non-zero values.

7.5
2009-04-08 CVE-2008-6663 Phpauctions SQL Injection vulnerability in PHPauctions

SQL injection vulnerability in profile.php in PHPAuctions.info PHPAuctions (aka PHPAuctionSystem) allows remote attackers to execute arbitrary SQL commands via the auction_id parameter, a different vector than CVE-2009-0106.

7.5
2009-04-07 CVE-2009-1263 Joomla, Alikonweb SQL Injection vulnerability in Alikonweb COM Bookjoomlas 0.1

SQL injection vulnerability in sub_commententry.php in the BookJoomlas (com_bookjoomlas) component 0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a comment action to index.php.

7.5
2009-04-07 CVE-2009-1258 RD Media, Joomla SQL Injection vulnerability in Rd-Media COM Rdautos 1.5.7

SQL injection vulnerability in the RD-Autos (com_rdautos) component 1.5.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the makeid parameter in index.php.

7.5
2009-04-07 CVE-2009-1256 Flexcms SQL Injection vulnerability in Flexcms 2.5

SQL injection vulnerability in FlexCMS 2.5 allows remote attackers to execute arbitrary SQL commands via the ItemId parameter.

7.5
2009-04-07 CVE-2008-6656 Openautoclassifieds SQL Injection vulnerability in Openautoclassifieds Open Auto Classifieds 1.4.3B

Multiple SQL injection vulnerabilities in Open Auto Classifieds 1.4.3b allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to listings.php and (2) the username field to login.php.

7.5
2009-04-07 CVE-2008-6653 Joomla, Mambo, WH COM SQL Injection vulnerability in Wh-Com COM Webhosting

SQL injection vulnerability in webhosting.php in the Webhosting Component (com_webhosting) module before 1.1 RC7 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.

7.5
2009-04-07 CVE-2008-6652 Insanevisions SQL Injection vulnerability in Insanevisions Onecms 2.5

SQL injection vulnerability in asd.php in OneCMS 2.5 allows remote attackers to execute arbitrary SQL commands via the sitename parameter.

7.5
2009-04-07 CVE-2008-6649 Ktools SQL Injection vulnerability in Ktools Photostore

SQL injection vulnerability in manager/image_details_editor.php in Ktools PhotoStore 2.5, 2.9.8, 3.1.0, and other versions through 3.5.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2009-04-07 CVE-2008-6648 Ktools SQL Injection vulnerability in Ktools Photostore 3.4.3/3.5.2

SQL injection vulnerability in crumbs.php in Ktools PhotoStore 3.4.3 and 3.5.2 allows remote attackers to execute arbitrary SQL commands via the gid parameter to about_us.php.

7.5
2009-04-07 CVE-2008-6647 Ktools SQL Injection vulnerability in Ktools Photostore 3.4.3

SQL injection vulnerability in gallery.php in Ktools PhotoStore 3.4.3 allows remote attackers to execute arbitrary SQL commands via the gid parameter.

7.5
2009-04-07 CVE-2008-6642 Dotcontent SQL Injection vulnerability in Dotcontent Fluentcms 4.0/4.1

SQL injection vulnerability in view.php in DotContent FluentCMS 4.x allows remote attackers to execute arbitrary SQL commands via the sid parameter.

7.5
2009-04-07 CVE-2008-6640 Aspindir SQL Injection vulnerability in Aspindir Batmanportal

Multiple SQL injection vulnerabilities in BatmanPorTaL allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) uyeadmin.asp and (2) profil.asp.

7.5
2009-04-07 CVE-2008-6634 Beaussier SQL Injection vulnerability in Beaussier Roomphplanning 1.5

SQL injection vulnerability in RoomPHPlanning 1.5 allows remote attackers to execute arbitrary SQL commands via the idroom parameter to weekview.php.

7.5
2009-04-07 CVE-2008-6633 Beaussier SQL Injection vulnerability in Beaussier Roomphplanning 1.5

SQL injection vulnerability in RoomPHPlanning 1.5 allows remote attackers to execute arbitrary SQL commands via the idresa parameter to resaopen.php.

7.5
2009-04-07 CVE-2008-6632 Mercuryboard SQL Injection vulnerability in Mercuryboard

SQL injection vulnerability in func/login.php in MercuryBoard 1.1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header ($_SERVER['HTTP_USER_AGENT']).

7.5
2009-04-06 CVE-2008-6627 Webbdomain SQL Injection vulnerability in Webbdomain Webshop 1.02/1.1

SQL injection vulnerability in getin.php in WEBBDOMAIN WebShop 1.2, 1.1, 1.02, and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.

7.5
2009-04-06 CVE-2008-6626 Webbdomain SQL Injection vulnerability in Webbdomain Quiz 1.0/1.01

SQL injection vulnerability in getin.php in WEBBDOMAIN Quiz 1.02 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.

7.5
2009-04-06 CVE-2008-6625 Webbdomain SQL Injection vulnerability in Webbdomain Polls 1.0/1.01

SQL injection vulnerability in getin.php in WEBBDOMAIN Polls (aka Poll) 1.0 and 1.01 allows remote attackers to execute arbitrary SQL commands via the username parameter.

7.5
2009-04-06 CVE-2008-6624 Webbdomain SQL Injection vulnerability in Webbdomain Petition

SQL injection vulnerability in getin.php in WEBBDOMAIN Petition 1.02, 2.0, and 3.0 allows remote attackers to execute arbitrary SQL commands via the username parameter.

7.5
2009-04-06 CVE-2008-6623 Webbdomain SQL Injection vulnerability in Webbdomain Post Card 1.01

SQL injection vulnerability in getin.php in WEBBDOMAIN Post Card (aka Web Postcards) 1.02 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.

7.5
2009-04-06 CVE-2008-6622 Webbdomian SQL Injection vulnerability in Webbdomian Post Card 1.01

SQL injection vulnerability in choosecard.php in WEBBDOMAIN Post Card (aka Web Postcards) 1.02, 1.01, and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.

7.5
2009-04-06 CVE-2008-6618 Netlab SQL Injection vulnerability in Netlab Classsystem 2.3

Multiple SQL injection vulnerabilities in ClassSystem 2.3 allow remote attackers to execute arbitrary SQL commands via the teacher_id parameter in (1) class/HomepageMain.php and (2) class/HomepageTop.php, and (3) the message_id parameter in class/MessageReply.php.

7.5
2009-04-06 CVE-2008-6615 ZEN Cart SQL Injection vulnerability in Zen-Cart ZEN Cart 2008

SQL injection vulnerability in index.php in Zen Software Zen Cart 2008 allows remote attackers to execute arbitrary SQL commands via the keyword parameter in the advanced_search_result page.

7.5
2009-04-06 CVE-2008-6614 Impliedbydesign SQL Injection vulnerability in Impliedbydesign IBD Micro CMS 3.5

Multiple SQL injection vulnerabilities in microcms-admin-login.php in Implied By Design (IBD) Micro CMS 3.5 (aka 0.3.5) allow remote attackers to execute arbitrary SQL commands via (1) the administrators_username parameter (aka the Username field) or (2) the administrators_pass parameter (aka the Password field).

7.5
2009-04-06 CVE-2009-1248 Acutecp Code Injection vulnerability in Acutecp Acute Control Panel 1.0.0

Multiple PHP remote file inclusion vulnerabilities in Acute Control Panel 1.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the theme_directory parameter to (1) container.php and (2) header.php in themes/.

7.5
2009-04-06 CVE-2009-1247 Acutecp Rediscussed SQL Injection vulnerability in Acutecp.Rediscussed Acutecp 1.0.0

SQL injection vulnerability in login.php in Acute Control Panel 1.0.0 allows remote attackers to execute arbitrary SQL commands via the username parameter.

7.5
2009-04-06 CVE-2009-1246 Blogplus Path Traversal vulnerability in Blogplus 1.0

Multiple directory traversal vulnerabilities in Blogplus 1.0 allow remote attackers to include and execute arbitrary local files via a ..

7.5
2009-04-06 CVE-2009-1245 Cccp Common Clan Portal Pasterbin SQL Injection vulnerability in Cccp-Common-Clan-Portal-Pasterbin Cccp Pastebin

Multiple SQL injection vulnerabilities in the insert_to_pastebin function in php/cccp-admin/inc/functions.php in CCCP Community Clan Portal Pastebin before 2.80 allow remote attackers to execute arbitrary SQL commands via the (1) subject, (2) language, and (3) nickname parameters to php/cccp-pages/submit.php.

7.5
2009-04-06 CVE-2008-6613 Abweb Permissions, Privileges, and Access Controls vulnerability in Abweb Minimal-Ablog 0.4

uploader.php in minimal-ablog 0.4 does not properly restrict access, which allows remote attackers to gain administrative privileges via a direct request.

7.5
2009-04-06 CVE-2008-6611 Abweb SQL Injection vulnerability in Abweb Minimal Ablog 0.4

SQL injection vulnerability in index.php in Minimal ABlog 0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2009-04-06 CVE-2008-6608 Developiteasy SQL Injection vulnerability in Developiteasy Events Calendar 1.2

Multiple SQL injection vulnerabilities in DevelopItEasy Events Calendar 1.2 allow remote attackers to execute arbitrary SQL commands via (1) the user_name parameter (aka user field) to admin/index.php, (2) the user_pass parameter (aka pass field) to admin/index.php, or (3) the id parameter to calendar_details.php.

7.5
2009-04-06 CVE-2008-6606 Matpo SQL Injection vulnerability in Matpo Link 1.2

SQL injection vulnerability in view.php in MatPo Link 1.2 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2009-04-07 CVE-2009-1262 Fortinet USE of Externally-Controlled Format String vulnerability in Fortinet Forticlient 3.0.614

Format string vulnerability in Fortinet FortiClient 3.0.614, and possibly earlier, allows local users to execute arbitrary code via format string specifiers in the VPN connection name.

7.2
2009-04-06 CVE-2009-1147 Vmware Remote vulnerability in VMware Hosted Products VMSA-2009-0005

Unspecified vulnerability in vmci.sys in the Virtual Machine Communication Interface (VMCI) in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 2.0.x before 2.0.1 build 156745 allows local users to gain privileges via unknown vectors.

7.2

84 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-04-09 CVE-2009-1144 Foolabs, Glyphandcog, Gentoo Code Injection vulnerability in multiple products

Untrusted search path vulnerability in the Gentoo package of Xpdf before 3.02-r2 allows local users to gain privileges via a Trojan horse xpdfrc file in the current working directory, related to an unset SYSTEM_XPDFRC macro in a Gentoo build process that uses the poppler library.

6.9
2009-04-10 CVE-2008-6684 Yourfreeworld Improper Input Validation vulnerability in Yourfreeworld Apartment Search Script

Unrestricted file upload vulnerability in editimage.php in Apartment Search Script allows remote attackers to execute arbitrary code by uploading a file with an executable extension and a GIF header, then accessing this file via a direct request to a renamed file in Member_Admin/logo/.

6.8
2009-04-09 CVE-2009-1283 Glfusion Cryptographic Issues vulnerability in Glfusion

glFusion before 1.1.3 performs authentication with a user-provided password hash instead of a password, which allows remote attackers to gain privileges by obtaining the hash and using it in the glf_password cookie, aka "User Masquerading." NOTE: this can be leveraged with a separate SQL injection vulnerability to steal hashes.

6.8
2009-04-09 CVE-2009-1280 Joomla Cross-Site Request Forgery (CSRF) vulnerability in Joomla

Multiple cross-site request forgery (CSRF) vulnerabilities in the com_media component for Joomla! 1.5.x through 1.5.9 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6.8
2009-04-09 CVE-2009-1275 Apache Cross-Site Scripting And Information Disclosure vulnerability in Apache Tiles 2.1.0/2.1.1

Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.

6.8
2009-04-09 CVE-2009-1254 James Stone Improper Input Validation vulnerability in James Stone Tunapie 2.1

James Stone Tunapie 2.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a stream URL.

6.8
2009-04-08 CVE-2008-6665 Anantasoft Code Injection vulnerability in Anantasoft Ananta CMS 1.0B5

change.php in Ananta CMS 1.0b5, with magic_quotes_gpc disabled, allows remote attackers to gain administrator privileges via a crafted email parameter, possibly related to code injection.

6.8
2009-04-07 CVE-2009-1259 Insanevisions SQL Injection vulnerability in Insanevisions Adaptbb 1.0

SQL injection vulnerability in inc/bb/topic.php in Insane Visions AdaptBB 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the topic_id parameter in a topic action to index.php.

6.8
2009-04-07 CVE-2008-6660 Ozerov Unspecified vulnerability in Ozerov Bigdump 029B

Unrestricted file upload vulnerability in bigdump.php in Alexey Ozerov BigDump 0.29b allows remote attackers to execute arbitrary code by uploading a file with an executable extension followed by a .sql extension, then accessing this file via a direct request.

6.8
2009-04-07 CVE-2008-6657 Simple Machines Cross-Site Request Forgery (CSRF) vulnerability in Simple Machines Simple Machines Forum

Cross-site request forgery (CSRF) vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote attackers to hijack the authentication of admins for requests that install packages via the package parameter in an install2 action.

6.8
2009-04-07 CVE-2008-6639 Ajaxplorer Cross-Site Request Forgery (CSRF) vulnerability in Ajaxplorer 2.3.3/2.3.4

Cross-site request forgery (CSRF) vulnerability in admin.php in AjaXplorer 2.3.3 and 2.3.4 allows remote attackers to hijack the authentication of administrators for requests that modify passwords via the update_user_pwd action.

6.8
2009-04-07 CVE-2008-6636 Geody Code Injection vulnerability in Geody Dagger

PHP remote file inclusion vulnerability in skins/default.php in Geody Labs Dagger - The Cutting Edge r12feb2008, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir_edge_skins parameter.

6.8
2009-04-07 CVE-2008-6635 Geody Code Injection vulnerability in Geody Dagger R12Feb2008

PHP remote file inclusion vulnerability in skins/default.php in Geody Labs Dagger - The Cutting Edge r12feb2008, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir_inc parameter.

6.8
2009-04-06 CVE-2008-6619 Netlab Permissions, Privileges, and Access Controls vulnerability in Netlab Classsystem 2.3

Unrestricted file upload vulnerability in class/ApplyDB.php in ClassSystem 2.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in class/UploadHomepage/.

6.8
2009-04-06 CVE-2008-6617 Sitexs CMS Permissions, Privileges, and Access Controls vulnerability in Sitexs CMS Sitexs CMS 0.1.1

Unrestricted file upload vulnerability in adm/visual/upload.php in SiteXS CMS 0.1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/.

6.8
2009-04-06 CVE-2008-6612 Abweb Code Injection vulnerability in Abweb Minimal-Ablog 0.4

Unrestricted file upload vulnerability in admin/uploader.php in Minimal ABlog 0.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in img/.

6.8
2009-04-06 CVE-2009-0910 Vmware Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in VMWare products

Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows remote attackers to execute arbitrary code via a crafted web page or video file, aka ZDI-CAN-436.

6.8
2009-04-06 CVE-2008-6605 2Wire Cross-Site Request Forgery (CSRF) vulnerability in 2Wire products

Cross-site request forgery (CSRF) vulnerability in the xslt script in the web-based management interface on the 2wire 1701HG, 1800HW, 2071HG, and 2700HG with firmware 3.17.5, 3.7.1, 4.25.19, or 5.29.51 allows remote attackers to hijack the intranet connectivity of arbitrary users for requests that cause a denial of service (network outage) via a page parameter with a % (percent) character followed by a non-alphanumeric character.

6.8
2009-04-07 CVE-2008-6641 Aspindir SQL Injection vulnerability in Aspindir Shader TV

Multiple SQL injection vulnerabilities in Shader TV (Beta) allow remote authenticated administrators to execute arbitrary SQL commands via the sid parameter to (1) kanal.asp, (2) google.asp, and (3) hakk.asp in yonet/; and allow remote attackers to execute arbitrary SQL commands via the (4) username or (5) password fields to yonet/default.asp.

6.5
2009-04-10 CVE-2008-6707 Avaya Improper Authentication vulnerability in Avaya Communication Manager and SIP Enablement Services

The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an "unnecessary default application," (4) unspecified scripts in the states folder, (5) an unspecified "default application" that lists server configuration, and (6) "full system help."

6.4
2009-04-06 CVE-2008-6610 OTT Path Traversal vulnerability in OTT PHPcksec 0.2

Absolute path traversal vulnerability in phpcksec.php in Stefan Ott phpcksec 0.2.0 allows remote attackers to list arbitrary directories and read arbitrary files via a full pathname in the file parameter.

6.4
2009-04-06 CVE-2009-0908 Vmware Remote vulnerability in VMware Hosted Products VMSA-2009-0005

Unspecified vulnerability in the ACE shared folders implementation in the VMware Host Guest File System (HGFS) shared folders feature in VMware ACE 2.5.1 and earlier allows attackers to enable a disabled shared folder.

6.4
2009-04-09 CVE-2009-0844 MIT Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in MIT Kerberos and Kerberos 5

The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read.

5.8
2009-04-09 CVE-2009-1156 Cisco Unspecified vulnerability in Cisco Adaptive Security Appliance 5500 and PIX

Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series devices 8.0 before 8.0(4)25 and 8.1 before 8.1(2)15, when an SSL VPN or ASDM access is configured, allows remote attackers to cause a denial of service (device reload) via a crafted (1) SSL or (2) HTTP packet.

5.7
2009-04-07 CVE-2008-6659 Simple Machines Path Traversal vulnerability in Simple Machines Simple Machines Forum

Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated users to configure arbitrary local files for execution via directory traversal sequences in the value of the theme_dir field during a jsoption action, related to Sources/QueryString.php and Sources/Themes.php, as demonstrated by a local .gif file in attachments/ with PHP code that was uploaded through a profile2 action to index.php.

5.5
2009-04-10 CVE-2008-6713 Massive Entertainment Resource Management Errors vulnerability in Massive Entertainment WIC

World in Conflict (WIC) 1.008 and earlier allows remote attackers to cause a denial of service (access violation and crash) via a zero-byte data block to TCP port 48000, which triggers a NULL pointer dereference.

5.0
2009-04-10 CVE-2008-6712 EA Remote Denial of Service vulnerability in EA Crysis 1.1/1.2

The HTTP/XML-RPC service in Crysis 1.21 (game version 1.1.1.6156) and earlier allows remote attackers to cause a denial of service (crash) via a long HTTP request, which triggers a NULL pointer dereference.

5.0
2009-04-10 CVE-2008-6705 Stalker Game Remote vulnerability in S.T.A.L.K.E.R Shadow of Chernobyl

The MultipacketReciever::RecievePacket function in S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote attackers to cause a denial of service (server termination) via a crafted packet without an expected 0xe0 or 0xe1 value, which triggers the INT3 instruction.

5.0
2009-04-10 CVE-2008-6704 Stalker Game Numeric Errors vulnerability in Stalker-Game S.T.A.L.K.E.R.: Shadow of Chernobyl

Integer overflow in the NET_Compressor::Decompress function in S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote attackers to cause a denial of service (server crash) via a crafted packet with a 0xc1 value that contains no compressed data, which triggers a copy of a large amount of memory.

5.0
2009-04-10 CVE-2008-6702 Stalker Game Improper Input Validation vulnerability in Stalker-Game S.T.A.L.K.E.R.: Shadow of Chernobyl

S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote attackers to cause a denial of service (crash) via a long nickname, which triggers an exception.

5.0
2009-04-09 CVE-2009-1284 Bibtex Buffer Errors vulnerability in Bibtex 0.99

Buffer overflow in BibTeX 0.99 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a long .bib bibliography file.

5.0
2009-04-08 CVE-2009-1274 Xine Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xine Xine-Lib

Integer overflow in the qt_error parse_trak_atom function in demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote attackers to execute arbitrary code via a Quicktime movie file with a large count value in an STTS atom, which triggers a heap-based buffer overflow.

5.0
2009-04-08 CVE-2009-1273 Andrew J Korty Credentials Management vulnerability in Andrew J.Korty PAM SSH 1.92

pam_ssh 1.92 and possibly other versions, as used when PAM is compiled with USE=ssh, generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote attackers to enumerate usernames.

5.0
2009-04-08 CVE-2009-1272 PHP Improper Input Validation vulnerability in PHP

The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x before 5.2.9 allows context-dependent attackers to cause a denial of service (crash) via a ZIP file that contains filenames with relative paths, which is not properly handled during extraction.

5.0
2009-04-08 CVE-2009-1271 PHP Unspecified vulnerability in PHP

The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function.

5.0
2009-04-08 CVE-2008-6680 Clamav Numeric Errors vulnerability in Clamav

libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (crash) via a crafted EXE file that triggers a divide-by-zero error.

5.0
2009-04-08 CVE-2008-6679 Ghostscript Buffer Errors vulnerability in Ghostscript 8.62

Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and possibly other versions, allows remote attackers to cause a denial of service (ps2pdf crash) and possibly execute arbitrary code via a crafted Postscript file.

5.0
2009-04-08 CVE-2008-6676 Quickersite Improper Input Validation vulnerability in Quickersite 1.8.5

QuickerSite 1.8.5 allows remote attackers to obtain sensitive information via a request to showThumb.aspx without any parameters, which reveals the installation path in an error message.

5.0
2009-04-08 CVE-2008-6674 Quickersite Permissions, Privileges, and Access Controls vulnerability in Quickersite 1.8.5

mailPage.asp in QuickerSite 1.8.5 allows remote attackers to flood e-mail accounts with messages via a large number of requests with a modified sEmail parameter.

5.0
2009-04-08 CVE-2008-6672 Vertex4 Numeric Errors vulnerability in Vertex4 Sunage 1.05/1.06/1.08

Vertex4 SunAge 1.08.1 and earlier allows remote attackers to cause a denial of service ("runtime error") via a crafted join packet to UDP port 27960, probably related to an invalid nickname command.

5.0
2009-04-08 CVE-2008-6671 Vertex4 Numeric Errors vulnerability in Vertex4 Sunage 1.05/1.06/1.08

Vertex4 SunAge 1.08.1 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted join packet to UDP port 27960.

5.0
2009-04-08 CVE-2008-6670 Vertex4 Numeric Errors vulnerability in Vertex4 Sunage 1.05/1.06/1.08

Integer overflow in Vertex4 SunAge 1.08.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted packet to UDP port 27960.

5.0
2009-04-08 CVE-2008-6668 Dirk Bartley Path Traversal vulnerability in Dirk Bartley Nweb2Fax 0.2

Multiple directory traversal vulnerabilities in nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via a ..

5.0
2009-04-08 CVE-2009-1265 Linux Numeric Errors vulnerability in Linux Kernel

Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux kernel 2.6.24.4, and other versions before 2.6.30-rc1, might allow remote attackers to obtain sensitive information via a large length value, which causes "garbage" memory to be sent.

5.0
2009-04-07 CVE-2008-6661 Bitdefender, Linux Numeric Errors vulnerability in Bitdefender Antivirus

Multiple integer overflows in the scanning engine in Bitdefender for Linux 7.60825 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed (1) NeoLite and (2) ASProtect packed PE file.

5.0
2009-04-07 CVE-2008-6650 Mywebland Permissions, Privileges, and Access Controls vulnerability in Mywebland Minibloggie 1.0

del.php in miniBloggie 1.0 allows remote attackers to delete arbitrary posts via a direct request with a modified post_id parameter, a different vulnerability than CVE-2008-4628.

5.0
2009-04-07 CVE-2008-6643 Lokicms Permissions, Privileges, and Access Controls vulnerability in Lokicms 0.3.4

LokiCMS 0.3.4 and possibly earlier versions does not properly restrict access to administrative functions, which allows remote attackers to bypass intended restrictions and modify configuration settings via the LokiACTION parameter in a direct request to admin.php.

5.0
2009-04-06 CVE-2009-1146 Vmware Remote vulnerability in VMware Hosted Products VMSA-2009-0005

Unspecified vulnerability in an ioctl in hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 1.0.x before 1.0.9 build 156507 and 2.0.x before 2.0.1 build 156745 allows local users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2008-3761.

4.9
2009-04-06 CVE-2009-1242 Linux, Opensuse, Debian, Canonical, Fedoraproject Improper Input Validation vulnerability in multiple products

The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX implementation in the KVM subsystem in the Linux kernel before 2.6.29.1 on the i386 platform allows guest OS users to cause a denial of service (OOPS) by setting the EFER_LME (aka "Long mode enable") bit in the Extended Feature Enable Register (EFER) model-specific register, which is specific to the x86_64 platform.

4.9
2009-04-06 CVE-2008-4916 EMC, Vmware Remote vulnerability in VMware Hosted Products VMSA-2009-0005

Unspecified vulnerability in a guest virtual device driver in VMware Workstation before 5.5.9 build 126128, and 6.5.1 and earlier 6.x versions; VMware Player before 1.0.9 build 126128, and 2.5.1 and earlier 2.x versions; VMware ACE before 1.0.8 build 125922, and 2.5.1 and earlier 2.x versions; VMware Server 1.x before 1.0.8 build 126538 and 2.0.x before 2.0.1 build 156745; VMware Fusion before 2.0.1; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to cause a denial of service (host OS crash) via unknown vectors.

4.6
2009-04-09 CVE-2009-1253 James Stone Link Following vulnerability in James Stone Tunapie 2.1

James Stone Tunapie 2.1 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file.

4.4
2009-04-10 CVE-2008-6700 Butterflymedia Cross-Site Scripting vulnerability in Butterflymedia Butterfly Organizer 2.0.0

Multiple cross-site scripting (XSS) vulnerabilities in Butterfly Organizer 2.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) mytable parameter to view.php, (2) mytable parameter to viewdb2.php, (3) tablehere parameter to category-rename.php, and (4) letter parameter to module-contacts.php.

4.3
2009-04-10 CVE-2008-6699 Typo3 Cross-Site Scripting vulnerability in Typo3 TJS Reslib and Typo3

Cross-site scripting (XSS) vulnerability in Resource Library (tjs_reslib) 0.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2009-04-10 CVE-2008-6698 Typo3, Michael Fritz Cross-Site Scripting vulnerability in Michael Fritz Worldcup

Cross-site scripting (XSS) vulnerability in TARGET-E WorldCup Bets (worldcup) 2.0.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2009-04-10 CVE-2008-6688 Typo3, Kevin Renskers Cross-Site Scripting vulnerability in Kevin Renskers Dmmjobcontrol

Cross-site scripting (XSS) vulnerability in JobControl (dmmjobcontrol) 1.15.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2009-04-10 CVE-2008-6687 Typo3, David Cadu Cross-Site Scripting vulnerability in David Cadu Dcdgooglemap

Cross-site scripting (XSS) vulnerability in DCD GoogleMap (dcdgooglemap) 1.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2009-04-10 CVE-2008-6683 Yourfreeworld Cross-Site Scripting vulnerability in Yourfreeworld Apartment Search Script

Cross-site scripting (XSS) vulnerability in listtest.php in Apartment Search Script allows remote attackers to inject arbitrary web script or HTML via the r parameter.

4.3
2009-04-09 CVE-2009-1281 Glfusion Cross-Site Scripting vulnerability in Glfusion

Cross-site scripting (XSS) vulnerability in glFusion before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-04-09 CVE-2009-1160 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Adaptive Security Appliance 5500 and PIX

Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)1, 7.1 before 7.1(2)74, 7.2 before 7.2(4)9, and 8.0 before 8.0(4)5 do not properly implement the implicit deny statement, which might allow remote attackers to successfully send packets that bypass intended access restrictions, aka Bug ID CSCsq91277.

4.3
2009-04-09 CVE-2009-0793 Littlecms, SUN Improper Input Validation vulnerability in multiple products

cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for "transformations of monochrome profiles."

4.3
2009-04-09 CVE-2008-6682 Apache Cross-Site Scripting vulnerability in Apache Struts

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.

4.3
2009-04-09 CVE-2008-6681 Dojotoolkit Cross-Site Scripting vulnerability in Dojotoolkit Dojo

Cross-site scripting (XSS) vulnerability in dijit.Editor in Dojo before 1.1 allows remote attackers to inject arbitrary web script or HTML via XML entities in a TEXTAREA element.

4.3
2009-04-09 CVE-2008-2025 Apache, Novell, Opensuse Cross-Site Scripting vulnerability in Apache Struts

Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."

4.3
2009-04-09 CVE-2007-6726 Apache, Dojotoolkit Cross-Site Scripting vulnerability in multiple products

Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.

4.3
2009-04-09 CVE-2009-0847 MIT Numeric Errors vulnerability in MIT Kerberos 5 1.6.3

The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmetic.

4.3
2009-04-08 CVE-2008-6675 Quickersite Cross-Site Scripting vulnerability in Quickersite 1.8.5

Multiple cross-site scripting (XSS) vulnerabilities in QuickerSite 1.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the close parameter to showThumb.aspx; (2) SB_redirect and (3) SB_feedback parameters in process_send.asp, as reachable through default.asp; (4) paramCode and (5) cColor parameters to picker.asp; and the (6) query string, (7) Referer header, and (8) X-FORWARDED-FOR header to rss.asp.

4.3
2009-04-08 CVE-2008-6666 Kronos Cross-Site Scripting vulnerability in Kronos Webta

Multiple cross-site scripting (XSS) vulnerabilities in Kronos webTA allow remote attackers to inject arbitrary web script or HTML via the description field to (1) servlet/com.threeis.webta.H710selProject and (2) servlet/com.threeis.webta.H720editProjectInfo.

4.3
2009-04-07 CVE-2009-1261 Webhelpdesk Cross-Site Scripting vulnerability in Webhelpdesk web Help Desk 9.1.22

Multiple cross-site scripting (XSS) vulnerabilities in Web Help Desk 9.1.22 (evaluation version) allow remote attackers to inject arbitrary web script or HTML via the (1) Report Name, (2) Asset No., and (3) Full Name fields in a Models action.

4.3
2009-04-07 CVE-2008-6662 Linux, AVG Improper Input Validation vulnerability in AVG Anti-Virus 7.5.51

AVG Anti-Virus for Linux 7.5.51, and possibly earlier, allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via a malformed UPX compressed file, which triggers memory corruption.

4.3
2009-04-07 CVE-2008-6655 Comscripts Cross-Site Scripting vulnerability in Comscripts Gedcom TO Mysl 2

Multiple cross-site scripting (XSS) vulnerabilities in GEDCOM_TO_MYSQL 2 allow remote attackers to inject arbitrary web script or HTML via the (1) nom_branche and (2) nom parameters to php/prenom.php; the (3) nom_branche parameter to php/index.php; and the (4) nom_branche, (5) nom, and (6) prenom parameters to php/info.php.

4.3
2009-04-07 CVE-2008-6654 Structum Cross-Site Scripting vulnerability in Structum Infobiz Server

Cross-site scripting (XSS) vulnerability in search_results.php in InfoBiz Server allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.

4.3
2009-04-07 CVE-2008-6646 Coronamatrix Cross-Site Scripting vulnerability in Coronamatrix PHPaddressbook 2.0

Cross-site scripting (XSS) vulnerability in index.php in CoronaMatrix phpAddressBook 2.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter.

4.3
2009-04-07 CVE-2008-6645 Opencosmo Cross-Site Scripting vulnerability in Opencosmo Visualsentinel 0.7

Cross-site scripting (XSS) vulnerability in Opencosmo VisualSentinel 0.7 allows remote attackers to inject arbitrary web script or HTML via the User-Agent header ($_SERVER ['HTTP_USER_AGENT']), which is not properly handled when displaying log files.

4.3
2009-04-07 CVE-2008-6644 Dotnetnuke Cross-Site Scripting vulnerability in Dotnetnuke

Cross-site scripting (XSS) vulnerability in Default.aspx in DotNetNuke 4.8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

4.3
2009-04-07 CVE-2008-6637 Libraryvideocompany Cross-Site Scripting vulnerability in Libraryvideocompany Safari Montage

Multiple cross-site scripting (XSS) vulnerabilities in forgotPW.php in Library Video Company SAFARI Montage 3.1.x allow remote attackers to inject arbitrary web script or HTML via the (1) school and (2) email parameters.

4.3
2009-04-07 CVE-2008-6631 Blogphp Cross-Site Scripting vulnerability in Blogphp 2.0

Multiple cross-site scripting (XSS) vulnerabilities in index.php in BlogPHP 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) user parameter in a sendmessage action and the (2) username parameter when registering a new user, different vectors than CVE-2008-0679.

4.3
2009-04-06 CVE-2008-6629 Webbdomain Cross-Site Scripting vulnerability in Webbdomain Webshop Online 1.02

Cross-site scripting (XSS) vulnerability in detail.php in WEBBDOMAIN Multi Languages WebShop Online 1.02 allows remote attackers to inject arbitrary web script or HTML via the name parameter.

4.3
2009-04-06 CVE-2008-6620 Grafxsoftware Cross-Site Scripting vulnerability in Grafxsoftware Minicwb

Multiple cross-site scripting (XSS) vulnerabilities in javascript/editor/editor/filemanager/browser/mcpuk/connectors/php/connector.php in GraFX miniCWB 2.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) errcontext, (2) _GET, (3) _POST, (4) _SESSION, (5) _SERVER, and (6) fckphp_config[Debug_SERVER] parameters.

4.3
2009-04-06 CVE-2008-6616 ZEN Cart Cross-Site Scripting vulnerability in Zen-Cart ZEN Cart 2008

Cross-site scripting (XSS) vulnerability in index.php in Zen Software Zen Cart 2008 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in the advanced_search_result page.

4.3
2009-04-06 CVE-2009-1249 Drupal Cross-Site Scripting vulnerability in Drupal Feedapi Mapper 5.X1.0/5.X1.X

Cross-site scripting (XSS) vulnerability in Feed element mapper 5.x before 5.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the content title in admin/content/node-type/nodetype/map.

4.3
2009-04-06 CVE-2008-6609 OTT Cross-Site Scripting vulnerability in OTT PHPcksec 0.2

Cross-site scripting (XSS) vulnerability in phpcksec.php in Stefan Ott phpcksec 0.2 allows remote attackers to inject arbitrary web script or HTML via the path parameter.

4.3
2009-04-06 CVE-2008-6607 Matpo Cross-Site Scripting vulnerability in Matpo Link 1.2

Cross-site scripting (XSS) vulnerability in view.php in MatPo Link 1.2 Beta allows remote attackers to inject arbitrary web script or HTML via the thema parameter.

4.3
2009-04-07 CVE-2009-1264 Typo3, Stanislas Rolland Permissions, Privileges, and Access Controls vulnerability in Stanislas Rolland SR Feuser Register

Frontend User Registration (sr_feuser_register) extension 2.5.20 and earlier for TYPO3 does not properly verify access rights, which allows remote authenticated users to obtain sensitive information such as passwords via unknown attack vectors.

4.0
2009-04-07 CVE-2008-6658 Simple Machines Path Traversal vulnerability in Simple Machines Simple Machines Forum

Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated administrators to install packages from arbitrary directories via a ..

4.0

6 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-04-09 CVE-2009-1279 Joomla Cross-Site Scripting vulnerability in Joomla

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 through 1.5.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) com_admin component, (2) com_search component when "Gather Search Statistics" is enabled, and (3) the category view in the com_content component.

2.6
2009-04-09 CVE-2008-5519 Apache Information Exposure vulnerability in Apache MOD JK and Tomcat

The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.

2.6
2009-04-07 CVE-2009-0796 Apache Cross-Site Scripting vulnerability in Apache MOD Perl 1/2

Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.

2.6
2009-04-09 CVE-2009-1276 Gnome, SUN Information Exposure vulnerability in SUN Opensolaris and Solaris

XScreenSaver in Sun Solaris 10 and OpenSolaris before snv_109, and Solaris 8 and 9 with GNOME 2.0 or 2.0.2, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, as demonstrated by Thunderbird new-mail notifications.

2.1
2009-04-06 CVE-2009-0518 Vmware Information Exposure vulnerability in VMWare Esx, VMWare Esxi and VMWare Virtualcenter

VI Client in VMware VirtualCenter before 2.5 Update 4, VMware ESXi 3.5 before Update 4, and VMware ESX 3.5 before Update 4 retains the VirtualCenter Server password in process memory, which might allow local users to obtain this password.

2.1
2009-04-06 CVE-2009-1243 Linux Improper Input Validation vulnerability in Linux Kernel

net/ipv4/udp.c in the Linux kernel before 2.6.29.1 performs an unlocking step in certain incorrect circumstances, which allows local users to cause a denial of service (panic) by reading zero bytes from the /proc/net/udp file and unspecified other files, related to the "udp seq_file infrastructure."

2.1