Weekly Vulnerabilities Reports > April 27 to May 3, 2009

Overview

117 new vulnerabilities were reported during this period, including 13 critical vulnerabilities and 40 high severity vulnerabilities. This weekly summary reports vulnerabilities in 123 products from 83 vendors, including Scripts FOR Sites, Razorcms, Viart, Peterselie, and Symantec. Notable vulnerability categories include "SQL Injection", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Path Traversal", and "Code Injection".

  • 108 reported vulnerabilities are remotely exploitable.
  • 54 reported vulnerabilities have a public exploit available.
  • 47 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 107 reported vulnerabilities are exploitable by an anonymous user.
  • Scripts FOR Sites has the most reported vulnerabilities, with 7 reported vulnerabilities.
  • Symantec has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:

13 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-04-30 CVE-2009-1291 Tibco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tibco products

Stack-based buffer overflow in TIBCO SmartSockets before 6.8.2, SmartSockets Product Family (aka RTworks) before 4.0.5, and Enterprise Message Service (EMS) 4.0.0 through 5.1.1, as used in SmartSockets Server and RTworks Server (aka RTserver), SmartSockets client libraries and add-on products, RTworks libraries and components, EMS Server (aka tibemsd), SmartMQ, iProcess Engine, ActiveMatrix products, and CA Enterprise Communicator, allows remote attackers to execute arbitrary code via "inbound data," as demonstrated by requests to the UDP interface of the RTserver component, and data injection into the TCP stream to tibemsd.

10.0
2009-04-29 CVE-2009-1429 Symantec Code Injection vulnerability in Symantec products

The Intel LANDesk Common Base Agent (CBA) in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allows remote attackers to execute arbitrary commands via a crafted packet whose contents are interpreted as a command to be launched in a new process by the CreateProcessA function.

10.0
2009-04-28 CVE-2008-6767 Wordpress Denial-Of-Service vulnerability in Wordpress 2.6

wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to upgrade the application, and possibly cause a denial of service (application outage), via a direct request.

10.0
2009-04-28 CVE-2008-6761 China ON Site Code Injection vulnerability in China-On-Site Flexcustomer0.0.6

Static code injection vulnerability in admin/install.php in Flexcustomer 0.0.6 might allow remote attackers to inject arbitrary PHP code into const.inc.php via the installdbname parameter (aka the Database Name field).

10.0
2009-04-28 CVE-2008-2438 HP Numeric Errors vulnerability in HP Openview Network Node Manager 7.01/7.51/7.53

Integer overflow in ovalarmsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a crafted command to TCP port 2954, which triggers a heap-based buffer overflow.

10.0
2009-04-27 CVE-2009-1443 Ocsinventory NG Multiple Unspecified vulnerability in Ocsinventory-Ng OCS Inventory NG 1.0

Multiple unspecified vulnerabilities in the Server component in OCS Inventory NG before 1.02 have unknown impact and attack vectors.

10.0
2009-05-01 CVE-2009-1497 Gomlab Buffer Errors vulnerability in Gomlab GOM Player 2.1.16

Stack-based buffer overflow in srt2smi.exe in Gretech Online Movie Player (GOM Player) 2.1.16.4635 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long string in an SRT file.

9.3
2009-04-30 CVE-2009-1313 Mozilla Resource Management Errors vulnerability in Mozilla Firefox 3.0.9

The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors.

9.3
2009-04-30 CVE-2009-1492 Adobe Resource Management Errors vulnerability in Adobe Acrobat and Acrobat Reader

The getAnnots Doc method in the JavaScript API in Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that contains an annotation, and has an OpenAction entry with JavaScript code that calls this method with crafted integer arguments.

9.3
2009-04-29 CVE-2009-1431 Symantec Unspecified vulnerability in Symantec products

XFR.EXE in the Intel File Transfer service in the console in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allows remote attackers to execute arbitrary code by placing the code on a (1) share or (2) WebDAV server, and then sending the UNC share pathname to this service.

9.3
2009-04-29 CVE-2009-1430 Symantec Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Symantec products

Multiple stack-based buffer overflows in IAO.EXE in the Intel Alert Originator Service in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allow remote attackers to execute arbitrary code via (1) a crafted packet or (2) data that ostensibly arrives from the MsgSys.exe process.

9.3
2009-04-27 CVE-2009-1449 Coolplayer Buffer Errors vulnerability in Coolplayer 2.19.1

Stack-based buffer overflow in PortableApps CoolPlayer Portable (aka CoolPlayer+ Portable) 2.19.1 allows remote attackers to execute arbitrary code via a skin file (skin.ini) with a large PlaylistSkin parameter.

9.3
2009-04-27 CVE-2009-1437 Coolplayer Buffer Errors vulnerability in Coolplayer 2.19.1

Stack-based buffer overflow in PortableApps CoolPlayer Portable (aka CoolPlayer+ Portable) 2.19.6 and earlier allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u) file.

9.3

40 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-05-01 CVE-2009-1511 Microsoft Resource Management Errors vulnerability in Microsoft Windows XP

GDI+ in Microsoft Windows XP SP3 allows remote attackers to cause a denial of service (infinite loop) via a PNG file that contains a certain large btChunkLen value.

7.8
2009-04-27 CVE-2009-1439 Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel

Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel 2.6.29 and earlier allows remote attackers to cause a denial of service (crash) via a long nativeFileSystem field in a Tree Connect response to an SMB mount request.

7.8
2009-04-30 CVE-2009-1348 Mcafee Improper Input Validation vulnerability in Mcafee products

The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive.

7.6
2009-05-01 CVE-2009-1510 Koschtit Path Traversal vulnerability in Koschtit Image Gallery 1.82

Multiple directory traversal vulnerabilities in KoschtIT Image Gallery 1.82 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the file parameter to (1) ki_makepic.php and (2) ki_nojsdisplayimage.php in ki_base/.

7.5
2009-05-01 CVE-2009-1509 Myiosoft SQL Injection vulnerability in Myiosoft Ajaxportal 3.0

SQL injection vulnerability in ajaxp_backend.php in MyioSoft AjaxPortal 3.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.

7.5
2009-05-01 CVE-2009-1508 Keir Davis SQL Injection vulnerability in Keir Davis X-Forum 0.6.2

SQL injection vulnerability in the xforum_validateUser function in Common.php in X-Forum 0.6.2 allows remote attackers to execute arbitrary SQL commands, as demonstrated via the cookie_username parameter to Configure.php.

7.5
2009-05-01 CVE-2008-6787 Jeremy Powers SQL Injection vulnerability in Jeremy Powers Lizardware CMS 0.6.0

SQL injection vulnerability in administrator/index.php in Lizardware CMS 0.6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the user.

7.5
2009-05-01 CVE-2009-1507 Drupal Permissions, Privileges, and Access Controls vulnerability in Drupal Nodeaccess Userreference

The Node Access User Reference module 5.x before 5.x-2.0-beta4 and 6.x before 6.x-2.0-beta6, a module for Drupal, interprets an empty CCK user reference as a reference to the anonymous user, which might allow remote attackers to bypass intended access restrictions to read or modify a node.

7.5
2009-05-01 CVE-2009-1504 Xigla Improper Authentication vulnerability in Xigla Absolute Control Panel XE 1.5

Absolute Form Processor XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the xlaAFPadmin cookie to "lvl=1&userid=1."

7.5
2009-05-01 CVE-2009-1503 Tigerdms SQL Injection vulnerability in Tigerdms

Multiple SQL injection vulnerabilities in login.php in Tiger Document Management System (DMS) allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.

7.5
2009-05-01 CVE-2009-1502 Matteoiammarrone Path Traversal vulnerability in Matteoiammarrone S-Cms 1.1/1.5.2

Directory traversal vulnerability in plugin.php in S-Cms 1.1 Stable and 1.5.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter.

7.5
2009-05-01 CVE-2009-1365 Adobe RPC Call Privilege Escalation vulnerability in Adobe Flash Media Server

Unspecified vulnerability in Adobe Flash Media Server (FMS) before 3.0.4 and 3.5.x before 3.5.2, as used in Flash Media Interactive Server and Flash Media Streaming Server, allows remote attackers to execute arbitrary remote procedures within an ActionScript file on the server via RPC requests.

7.5
2009-05-01 CVE-2009-1364 Francis James Franklin, Opensuse Remote Code Execution vulnerability in libwmf WMF Image File

Use-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file.

7.5
2009-05-01 CVE-2008-6784 Scripts FOR Sites SQL Injection vulnerability in Scripts-For-Sites EZ Adult Directory

SQL injection vulnerability in directory.php in Scripts For Sites (SFS) EZ Adult Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.

7.5
2009-05-01 CVE-2008-6783 Scripts FOR Sites SQL Injection vulnerability in Scripts-For-Sites EZ Home Business Directory

SQL injection vulnerability in directory.php in Sites for Scripts (SFS) EZ Home Business Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.

7.5
2009-05-01 CVE-2008-6782 Scripts FOR Sites SQL Injection vulnerability in Scripts-For-Sites EZ Hosting Directory

SQL injection vulnerability in directory.php in Sites for Scripts (SFS) EZ Hosting Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.

7.5
2009-05-01 CVE-2008-6781 Scripts FOR Sites SQL Injection vulnerability in Scripts-For-Sites EZ Gaming Directory

SQL injection vulnerability in directory.php in Sites for Scripts (SFS) Gaming Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.

7.5
2009-05-01 CVE-2008-6780 Scripts FOR Sites SQL Injection vulnerability in Scripts-For-Sites EZ Affiliate

SQL injection vulnerability in directory.php in Scripts for Sites (SFS) SFS EZ Affiliate allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.

7.5
2009-05-01 CVE-2008-6779 Phpnuke SQL Injection vulnerability in PHPnuke Sarkilar Module

SQL injection vulnerability in the Sarkilar module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a showcontent action to modules.php.

7.5
2009-05-01 CVE-2008-6778 Scripts FOR Sites SQL Injection vulnerability in Scripts-For-Sites EZ Auction

SQL injection vulnerability in viewfaqs.php in Scripts for Sites (SFS) EZ Auction allows remote attackers to execute arbitrary SQL commands via the cat parameter.

7.5
2009-05-01 CVE-2008-6776 Scripts FOR Sites SQL Injection vulnerability in Scripts-For-Sites EZ HOT OR NOT

SQL injection vulnerability in viewcomments.php in Scripts For Sites (SFS) EZ Hot or Not allows remote attackers to execute arbitrary SQL commands via the phid parameter.

7.5
2009-05-01 CVE-2009-1499 Joomla SQL Injection vulnerability in Joomla COM Mailto and Joomla!

SQL injection vulnerability in the MailTo (aka com_mailto) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in index.php.

7.5
2009-04-30 CVE-2009-1416 GNU Cryptographic Issues vulnerability in GNU Gnutls

lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key.

7.5
2009-04-30 CVE-2009-0663 Perl, CMU Buffer Errors vulnerability in CMU Dbd::Pg 1.49

Heap-based buffer overflow in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module 1.49 for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to read database rows.

7.5
2009-04-29 CVE-2009-1489 Rens Rikkerink Improper Authentication vulnerability in Rens Rikkerink Fungamez

includes/user.php in Fungamez RC1 allows remote attackers to bypass authentication and gain administrative access by setting the user cookie parameter.

7.5
2009-04-29 CVE-2009-1487 Rens Rikkerink SQL Injection vulnerability in Rens Rikkerink Fungamez

SQL injection vulnerability in pages/login.php in FunGamez RC1 allows remote attackers to execute arbitrary SQL commands via the login_user (aka username) parameter.

7.5
2009-04-29 CVE-2009-1486 Ninjadesigns Path Traversal vulnerability in Ninjadesigns Flatchat 3.0

Directory traversal vulnerability in pmscript.php in Flatchat 3.0 allows remote attackers to include and execute arbitrary local files via a ..

7.5
2009-04-29 CVE-2009-1481 Pjhome SQL Injection vulnerability in Pjhome Puterjams Blog 3.0.6.170

SQL injection vulnerability in action.asp in PuterJam's Blog (PJBlog3) 3.0.6.170 allows remote attackers to execute arbitrary SQL commands via the cname parameter in a checkAlias action, as exploited in the wild in April 2009.

7.5
2009-04-29 CVE-2009-1480 Pragyan CMS Project SQL Injection vulnerability in Pragyan CMS Project Pragyan CMS 2.6.4

SQL injection vulnerability in index.php in Pragyan CMS 2.6.4 allows remote attackers to execute arbitrary SQL commands via the fileget parameter in a view action and other unspecified vectors.

7.5
2009-04-29 CVE-2008-6772 Peterselie Improper Input Validation vulnerability in Peterselie Yourplace 1.0/1.0.1

login/register_form.php in YourPlace 1.0.2 and earlier does not check that a username already exists when a new account is created, which allows remote attackers to bypass intended access restrictions by registering a new account with the username of a target user.

7.5
2009-04-28 CVE-2009-1463 Razorcms Code Injection vulnerability in Razorcms 0.2/0.3

Static code injection vulnerability in razorCMS before 0.4 allows remote attackers to inject arbitrary PHP code into any page by saving content as a .php file.

7.5
2009-04-28 CVE-2009-1452 Bluevirus Design Code Injection vulnerability in Bluevirus-Design Sma-Db 0.3.13

Multiple PHP remote file inclusion vulnerabilities in theme/format.php in SMA-DB 0.3.13 allow remote attackers to execute arbitrary PHP code via a URL in the (1) _page_css and (2) _page_javascript parameters.

7.5
2009-04-28 CVE-2008-6763 Hypersilence Improper Authentication vulnerability in Hypersilence Silentum Loginsys 1.0.0

login2.php in Silentum LoginSys 1.0.0 allows remote attackers to bypass authentication and obtain access to an arbitrary account by setting the logged_in cookie to that account's username.

7.5
2009-04-28 CVE-2009-1450 Bluevirus Design Code Injection vulnerability in Bluevirus-Design Sma-Db 0.3.12

PHP remote file inclusion vulnerability in format.php in SMA-DB 0.3.12 allows remote attackers to execute arbitrary PHP code via a URL in the _page_content parameter.

7.5
2009-04-27 CVE-2009-1445 Ivano Culmine Path Traversal vulnerability in Ivano Culmine Webportal CMS 0.8

Multiple directory traversal vulnerabilities in WebPortal CMS 0.8-beta allow remote attackers to (1) read arbitrary files via directory traversal sequences in the lang parameter to libraries/helpdocs/help.php and (2) include and execute arbitrary local files via directory traversal sequences in the error parameter to index.php.

7.5
2009-04-27 CVE-2009-1444 Webportal Code Injection vulnerability in Webportal CMS 0.8Beta

PHP remote file inclusion vulnerability in indexk.php in WebPortal CMS 0.8-beta allows remote attackers to execute arbitrary PHP code via a URL in the lib_path parameter.

7.5
2009-04-27 CVE-2009-1438 Konstanty Bialkowski Numeric Errors vulnerability in Konstanty Bialkowski Libmodplug 0.8/0.8.4/0.8.5

Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins, TTPlayer, and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which triggers a heap-based buffer overflow, as exploited in the wild in August 2008.

7.5
2009-04-27 CVE-2008-6753 Silverstripe SQL Injection vulnerability in Silverstripe

SQL injection vulnerability in SilverStripe before 2.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to AjaxUniqueTextField.

7.5
2009-04-28 CVE-2009-1462 Razorcms Permissions, Privileges, and Access Controls vulnerability in Razorcms 0.2/0.3

The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.

7.2
2009-05-01 CVE-2008-6775 HTC Denial-Of-Service vulnerability in TOUCH CRUISE

HTC Touch Pro and HTC Touch Cruise vCard allows remote attackers to cause a denial of service (CPU consumption, SMS consumption, and connectivity loss) via a flood of vCards to UDP port 9204.

7.1

59 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-05-01 CVE-2008-6785 Galaxyscripts Code Injection vulnerability in Galaxyscripts Mini File Host 1.5

Unrestricted file upload vulnerability in Mini File Host 1.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as demonstrated by creating a name.php file.

6.8
2009-05-01 CVE-2009-1506 Intelliants SQL Injection vulnerability in Intelliants Elitius 1.0

SQL injection vulnerability in classes/Xp.php in eLitius 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to banner-details.php.

6.8
2009-05-01 CVE-2009-1500 Projectcms SQL Injection vulnerability in Projectcms 1.0Beta

SQL injection vulnerability in index.php in ProjectCMS 1.0 Beta allows remote attackers to execute arbitrary SQL commands via the sn parameter.

6.8
2009-05-01 CVE-2009-1498 IDB Path Traversal vulnerability in IDB 0.2.5Prealpha

Directory traversal vulnerability in inc/profilemain.php in Game Maker 2k Internet Discussion Boards (iDB) 0.2.5 Pre-Alpha SVN 243 allows remote attackers to include and execute arbitrary local files via a ..

6.8
2009-04-30 CVE-2009-1493 Adobe, Linux Resource Management Errors vulnerability in Adobe Reader 8.1.4/9.1

The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 9.1, 8.1.4, 7.1.1, and earlier on Linux and UNIX allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that triggers a call to this method with a long string in the second argument.

6.8
2009-04-30 CVE-2009-1434 Foswiki Cross-Site Request Forgery (CSRF) vulnerability in Foswiki

Cross-site request forgery (CSRF) vulnerability in Foswiki before 1.0.5 allows remote attackers to hijack the authentication of arbitrary users for requests that modify pages, change permissions, or change group memberships, as demonstrated by a URL for a (1) save or (2) view script in the SRC attribute of an IMG element, a related issue to CVE-2009-1339.

6.8
2009-04-29 CVE-2009-1488 Rens Rikkerink Path Traversal vulnerability in Rens Rikkerink Fungamez

Directory traversal vulnerability in admin/load.php in FunGamez RC1 allows remote attackers to include and execute arbitrary local files via a ..

6.8
2009-04-29 CVE-2009-1483 Studiolounge Script Authentication Bypass vulnerability in Studiolounge Address Book 2.5

Unrestricted file upload vulnerability in upload-file.php in Adam Patterson Studio Lounge Address Book 2.5, as reachable from index2.php, allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in profiles/.

6.8
2009-04-29 CVE-2008-6768 Shopsystem Forum Unspecified vulnerability in Shopsystem-Forum K&S Shopsoftware

Unrestricted file upload vulnerability in admin/editor/images.php in K&S Shopsoftware allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/upload/.

6.8
2009-04-28 CVE-2009-1459 Razorcms Cross-Site Request Forgery (CSRF) vulnerability in Razorcms 0.2/0.3

Cross-site request forgery (CSRF) vulnerability in razorCMS before 0.4 allows remote attackers to hijack the authentication of administrators for requests that create a web page containing PHP code.

6.8
2009-04-28 CVE-2009-1455 Andrew Simpson Cross-Site Request Forgery (CSRF) vulnerability in Andrew Simpson Webcollab

Multiple cross-site request forgery (CSRF) vulnerabilities in WebCollab before 2.50 (aka Billy Goat) allow remote attackers to hijack the authentication of administrators for requests that change an arbitrary password or have other unspecified impact.

6.8
2009-04-28 CVE-2009-1453 Anoochit Chalothorn SQL Injection vulnerability in Anoochit Chalothorn Tiny Blogr 1.0.0

SQL injection vulnerability in class.eport.php in Tiny Blogr 1.0.0 rc4, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the txtUsername parameter (aka the Username field).

6.8
2009-04-28 CVE-2008-6758 Viart Cross-Site Request Forgery (CSRF) vulnerability in Viart Shop 3.5

Cross-site request forgery (CSRF) vulnerability in cart_save.php in ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to hijack the authentication of arbitrary users for requests that conduct persistent cross-site scripting (XSS) attacks via the cart_name parameter in a save action.

6.8
2009-04-27 CVE-2009-1447 E Cart Unspecified vulnerability in E-Cart Free Shopping Cart

Unrestricted file upload vulnerability in admin/editor/image.php in e-cart.biz Free Shopping Cart allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/.

6.8
2009-04-27 CVE-2009-1440 Amule Unspecified vulnerability in Amule 2.2.4

Incomplete blacklist vulnerability in DownloadListCtrl.cpp in amule 2.2.4 allows remote attackers to conduct argument injection attacks into a command for mplayer via a crafted filename.

6.8
2009-05-01 CVE-2009-1512 Keir Davis Code Injection vulnerability in Keir Davis X-Forum 0.6.2

Static code injection vulnerability in X-Forum 0.6.2 allows remote authenticated administrators to inject arbitrary PHP code into Config.php via the adminEMail parameter to SaveConfig.php.

6.5
2009-05-01 CVE-2009-1505 Drupal SQL Injection vulnerability in Drupal News Page 5.X1.1/5.X1.X

SQL injection vulnerability in the News Page module 5.x before 5.x-1.2 for Drupal allows remote authenticated users, with News Page nodes create and edit privileges, to execute arbitrary SQL commands via the Include Words (aka keywords) field.

6.5
2009-04-29 CVE-2008-6773 Peterselie Code Injection vulnerability in Peterselie Yourplace 1.0/1.0.1

Static code injection vulnerability in user/internettoolbar/edit.php in YourPlace 1.0.2 and earlier allows remote authenticated users to execute arbitrary PHP code into user/internettoolbar/index.php via the (1) fav1_url, (2) fav1_name, (3) fav2_url, (4) fav2_name, (5) fav3_url, (6) fav3_name, (7) fav4_url, (8) fav4_name, (9) fav5_url, or (10) fav5_name parameters.

6.5
2009-04-28 CVE-2009-1456 Stephane Rajalu Path Traversal vulnerability in Stephane Rajalu Malleo 1.2.3

Directory traversal vulnerability in admin.php in Malleo 1.2.3 allows remote authenticated administrators to include and execute arbitrary local files via a ..

6.5
2009-04-27 CVE-2009-1446 Elkagroup Improper Input Validation vulnerability in Elkagroup Image Gallery 1.0

Unrestricted file upload vulnerability in upload.php in Elkagroup Image Gallery 1.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in gallery/pictures/.

6.5
2009-04-30 CVE-2009-1339 Twiki Cross-Site Request Forgery (CSRF) vulnerability in Twiki

Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the SRC attribute of an IMG element, a related issue to CVE-2009-1434.

6.0
2009-04-29 CVE-2008-6769 Peterselie Remote vulnerability in YourPlace 1.0.2

Unrestricted file upload vulnerability in upload.php in YourPlace 1.0.2 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file.

6.0
2009-04-29 CVE-2009-0719 HP Local Unauthorized Access vulnerability in HP Hp-Ux B.11.11/B.11.23/B.11.31

Unspecified vulnerability in useradd in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to access arbitrary files and directories via unknown vectors, a different issue than CVE-2008-1660.

6.0
2009-05-01 CVE-2008-6777 Myphp SQL Injection vulnerability in Myphp Forum 1.0/2.0

Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a confirm action, the (2) user parameter in a newconfirm action, and (3) reqpwd action to member.php; and the (4) quote parameter in a post action and (5) pid parameter in an edit action to post.php, different vectors than CVE-2005-0413.2 and CVE-2007-6667.

5.1
2009-05-01 CVE-2008-6786 Codewiz Path Traversal vulnerability in Codewiz Geekigeeki 2.0

Multiple directory traversal vulnerabilities in geekigeeki.py in GeekiGeeki before 3.0 allow remote attackers to read arbitrary files via directory traversal sequences in a pagename argument in the (1) handle_edit and (2) handle_raw functions.

5.0
2009-05-01 CVE-2009-1496 Joomla, Ijobid Path Traversal vulnerability in Ijobid COM Cmimarketplace 0.1

Directory traversal vulnerability in the Cmi Marketplace (com_cmimarketplace) component 0.1 for Joomla! allows remote attackers to list arbitrary directories via a ..

5.0
2009-05-01 CVE-2009-1495 Webfileexplorer Permissions, Privileges, and Access Controls vulnerability in Webfileexplorer web File Explorer 3.1

Web File Explorer 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/db.mdb.

5.0
2009-04-30 CVE-2009-1494 Memcachedb Information Exposure vulnerability in Memcachedb Memcached 1.2.8

The process_stat function in Memcached 1.2.8 discloses memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain potentially sensitive information by sending this command to the daemon's TCP port.

5.0
2009-04-30 CVE-2009-1432 Symantec Improper Input Validation vulnerability in Symantec Antivirus, Client Security and Endpoint Protection

Symantec Reporting Server, as used in Symantec AntiVirus (SAV) Corporate Edition 10.1 before 10.1 MR8 and 10.2 before 10.2 MR2, Symantec Client Security (SCS) before 3.1 MR8, and the Symantec Endpoint Protection Manager (SEPM) component in Symantec Endpoint Protection (SEP) before 11.0 MR2, allows remote attackers to inject arbitrary text into the login screen, and possibly conduct phishing attacks, via vectors involving a URL that is not properly handled.

5.0
2009-04-30 CVE-2009-1417 GNU Cryptographic Issues vulnerability in GNU Gnutls

gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup.

5.0
2009-04-30 CVE-2009-1341 Debian Information Exposure vulnerability in Debian Libdbd-Pg-Perl

Memory leak in the dequote_bytea function in quote.c in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.0.0 for Perl allows context-dependent attackers to cause a denial of service (memory consumption) by fetching data with BYTEA columns.

5.0
2009-04-30 CVE-2009-1255 Memcachedb Information Exposure vulnerability in Memcachedb Memcached

The process_stat function in (1) Memcached before 1.2.8 and (2) MemcacheDB 1.2.0 discloses (a) the contents of /proc/self/maps in response to a stats maps command and (b) memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain sensitive information such as the locations of memory regions, and defeat ASLR protection, by sending a command to the daemon's TCP port.

5.0
2009-04-29 CVE-2009-1485 Aemuleplus / Emuleplus Denial-Of-Service vulnerability in Emule Plus

The logging feature in eMule Plus before 1.2e allows remote attackers to cause a denial of service (infinite loop) via unspecified attack vectors.

5.0
2009-04-29 CVE-2008-6774 Peterselie Permissions, Privileges, and Access Controls vulnerability in Peterselie Yourplace 1.0/1.0.1

internettoolbar/edit.php in YourPlace 1.0.2 and earlier does not end execution when an invalid username is detected, which allows remote attackers to bypass intended restrictions and edit toolbar settings via an invalid username.

5.0
2009-04-29 CVE-2008-6771 Peterselie Permissions, Privileges, and Access Controls vulnerability in Peterselie Yourplace 1.0/1.0.1

YourPlace 1.0.2 and earlier allows remote attackers to obtain sensitive system information via a direct request to user/uploads/phpinfo.php, which calls the phpinfo function.

5.0
2009-04-29 CVE-2008-6770 Peterselie Permissions, Privileges, and Access Controls vulnerability in Peterselie Yourplace 1.0/1.0.1

YourPlace 1.0.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for users.txt.

5.0
2009-04-28 CVE-2008-6766 Viart Denial-Of-Service vulnerability in Viart Shop 3.5

cart_save.php in ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to cause a denial of service (excessive shopping carts) via a flood of requests.

5.0
2009-04-28 CVE-2008-6765 Viart Remote vulnerability in Viart Shop 3.5

ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to access the contents of an arbitrary shopping cart via a modified cart_name parameter.

5.0
2009-04-27 CVE-2009-1190 SUN / Springsource Resource Management Errors vulnerability in SUN JDK

Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit (JDK) before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows remote attackers to cause a denial of service (CPU consumption) via serializable data with a long regex string containing multiple optional groups, a related issue to CVE-2004-2540.

5.0
2009-04-27 CVE-2008-6755 Zoneminder / Redhat Permissions, Privileges, and Access Controls vulnerability in Zoneminder 1.23.3

ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.

5.0
2009-04-29 CVE-2009-1478 SUN Local Denial of Service vulnerability in SUN Opensolaris and Solaris

Multiple unspecified vulnerabilities in the DTrace ioctl handlers in Sun Solaris 10, and OpenSolaris before snv_114, allow local users to cause a denial of service (panic) via unknown vectors.

4.9
2009-04-27 CVE-2009-1436 Freebsd Improper Input Validation vulnerability in Freebsd

The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and 7.2-PRERELEASE does not properly initialize memory for Berkeley DB 1.85 database structures, which allows local users to obtain sensitive information by reading a database file.

4.9
2009-04-28 CVE-2009-1460 Razorcms Permissions, Privileges, and Access Controls vulnerability in Razorcms 0.2/0.3

razorCMS before 0.4 uses weak permissions for (1) admin/core/admin_config.php, which allows local users to obtain the administrator's password hash and FTP user credentials; and (2) the root directory, (3) datastore/, and (4) admin/core/, which allows local users to have an unspecified impact.

4.6
2009-05-01 CVE-2009-1501 Drupal / Exif Cross-Site Scripting vulnerability in Exif

Cross-site scripting (XSS) vulnerability in the Exif module 5.x-1.x before 5.x-1.2 and 6.x-1.x-dev before April 13, 2009, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via EXIF tags in an image.

4.3
2009-04-30 CVE-2009-1415 GNU Credentials Management vulnerability in GNU Gnutls

lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free.

4.3
2009-04-29 CVE-2009-1484 Gecad Cross-Site Scripting vulnerability in Gecad Axigen Mail Server 6.2.2

Cross-site scripting (XSS) vulnerability in the web mail interface feature in AXIGEN Mail Server 6.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving e-mail messages.

4.3
2009-04-29 CVE-2009-1482 Moinmo / Moinmoin Cross-Site Scripting vulnerability in multiple products

Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260.

4.3
2009-04-29 CVE-2009-1428 Symantec Cross-Site Scripting vulnerability in Symantec products

Multiple cross-site scripting (XSS) vulnerabilities in ccLgView.exe in the Symantec Log Viewer, as used in Symantec AntiVirus (SAV) before 10.1 MR8, Symantec Endpoint Protection (SEP) 11.0 before 11.0 MR1, Norton 360 1.0, and Norton Internet Security 2005 through 2008, allow remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, related to "two parsing errors."

4.3
2009-04-28 CVE-2009-1458 Razorcms Cross-Site Scripting vulnerability in Razorcms 0.2/0.3

Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in razorCMS before 0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the slab parameter in an edit action, (2) the catname parameter in a showcats action, and (3) the cat parameter in a reordercat action.

4.3
2009-04-28 CVE-2009-1457 Evolution Extreme Cross-Site Scripting vulnerability in Evolution-Extreme Nuke Evolution Xtreme 2.0/2.0.7/2.1.0

Cross-site scripting (XSS) vulnerability in player.php in Nuke Evolution Xtreme 2.x allows remote attackers to inject arbitrary web script or HTML via the defaultVisualExt parameter.

4.3
2009-04-28 CVE-2009-1454 Andrew Simpson Cross-Site Scripting vulnerability in Andrew Simpson Webcollab

Cross-site scripting (XSS) vulnerability in tasks.php in WebCollab before 2.50 (aka Billy Goat) allows remote attackers to inject arbitrary web script or HTML via the selection parameter in a todo action.

4.3
2009-04-28 CVE-2008-6764 Hypersilence Cross-Site Scripting vulnerability in Hypersilence Silentum Loginsys 1.0.0

Cross-site scripting (XSS) vulnerability in login.php in Silentum LoginSys 1.0.0 allows remote attackers to inject arbitrary web script or HTML via the message parameter.

4.3
2009-04-28 CVE-2008-6762 Wordpress Link Following vulnerability in Wordpress 2.6

Open redirect vulnerability in wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backto parameter.

4.3
2009-04-28 CVE-2008-6760 Viart Link Following vulnerability in Viart Shop 3.5

ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to obtain sensitive information via an unauthenticated add and save action for a shopping cart in cart_save.php, which reveals the SQL table names in an error message, related to code that mishandles the lack of a user_id parameter.

4.3
2009-04-28 CVE-2008-6759 Viart Link Following vulnerability in Viart Shop 3.5

ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to obtain sensitive information via a URL in the POST_DATA parameter to manuals_search.php, which reveals the installation path in an error message.

4.3
2009-04-28 CVE-2008-6757 Viart Cross-Site Scripting vulnerability in Viart Shop 3.5

Cross-site scripting (XSS) vulnerability in manuals_search.php in ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to inject arbitrary web script or HTML via the manuals_search parameter.

4.3
2009-04-28 CVE-2009-1451 Bluevirus Design Cross-Site Scripting vulnerability in Bluevirus-Design Sma-Db 0.3.12

Cross-site scripting (XSS) vulnerability in startpage.php in SMA-DB 0.3.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

4.3
2009-04-27 CVE-2009-1448 Lovpop Cross-Site Scripting vulnerability in Lovpop Apricot 1.20

Cross-site scripting (XSS) vulnerability in apricot.php in LovPop.net APRICOT, probably 1.20, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

4.3
2009-04-27 CVE-2008-6754 Jelsoft / Mephisteus Information Exposure vulnerability in Mephisteus the Personal Sticky Threads 1.0.3C

The Personal Sticky Threads addon 1.0.3c for vBulletin allows remote authenticated users to read the title, author, and pages of an arbitrary thread by toggling a personal sticky.

4.0

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-04-27 CVE-2009-1189 Freedesktop Improper Input Validation vulnerability in Freedesktop Dbus

The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key.

3.6
2009-04-28 CVE-2009-1461 Razorcms Cross-Site Scripting vulnerability in Razorcms 0.2/0.3

Cross-site scripting (XSS) vulnerability in the Create New Page form in razorCMS 0.3 RC2 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Page Title field.

3.5
2009-04-27 CVE-2008-6756 Zoneminder / Gentoo Permissions, Privileges, and Access Controls vulnerability in Zoneminder 1.23.3

ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for /etc/zm.conf, which allows local users to obtain the database username and password by reading this file.

2.1
2009-04-27 CVE-2009-1435 Trendmicro Resource Management Errors vulnerability in Trendmicro Officescan 8.0

NTRtScan.exe in Trend Micro OfficeScan Client 8.0 SP1 and 8.0 SP1 Patch 1 allows local users to cause a denial of service (application crash) via directories with long pathnames.

2.1
2009-04-30 CVE-2009-1295 Apport / Ubuntu Configuration vulnerability in multiple products

Apport before 0.108.4 on Ubuntu 8.04 LTS, before 0.119.2 on Ubuntu 8.10, and before 1.0-0ubuntu5.2 on Ubuntu 9.04 does not properly remove files from the application's crash-report directory, which allows local users to delete arbitrary files via unspecified vectors.

1.9