Weekly Vulnerabilities Reports > May 18 to 24, 2009

Overview

92 new vulnerabilities were reported during this period, including 18 critical vulnerabilities and 29 high severity vulnerabilities. This weekly summary reports vulnerabilities in 99 products from 70 vendors including SUN, Openssl, Roboform, Frax, and Omnisoftsol. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Path Traversal", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Improper Input Validation".

  • 88 reported vulnerabilities are remotely exploitable.
  • 54 reported vulnerabilities have a public exploit available.
  • 46 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 87 reported vulnerabilities are exploitable by an anonymous user.
  • SUN has the most reported vulnerabilities, with 5 reported vulnerabilities.
  • SUN has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

18 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-05-22 CVE-2009-1784 AVG Improper Input Validation vulnerability in AVG Anti-Virus

The AVG parsing engine 8.5 323, as used in multiple AVG anti-virus products including Anti-Virus Network Edition, Internet Security Netzwerk Edition, Server Edition für Linux/FreeBSD, Anti-Virus SBS Edition, and others allows remote attackers to bypass malware detection via a crafted (1) RAR and (2) ZIP archive.

10.0
2009-05-22 CVE-2009-1783 F Prot Improper Input Validation vulnerability in F-Prot Antivirus, F-Prot Aves and F-Prot Milter

Multiple FRISK Software F-Prot anti-virus products, including Antivirus for Exchange, Linux on IBM zSeries, Linux x86 File Servers, Linux x86 Mail Servers, Linux x86 Workstations, Solaris Mail Servers, Antivirus for Windows, and others, allow remote attackers to bypass malware detection via a crafted CAB archive.

10.0
2009-05-21 CVE-2009-1745 Armorlogic Credentials Management vulnerability in Armorlogic Profense web Application Firewall 2.4

Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, has a default root password hash, and permits password-based root logins over SSH, which makes it easier for remote attackers to obtain access.

10.0
2009-05-21 CVE-2009-1161 Cisco Path Traversal vulnerability in Cisco products

Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors.

10.0
2009-05-20 CVE-2009-1730 Netmechanica Path Traversal vulnerability in Netmechanica Netdecision Tftp Server 4.2

Multiple directory traversal vulnerabilities in NetMechanica NetDecision TFTP Server 4.2 allow remote attackers to read or modify arbitrary files via directory traversal sequences in the (1) GET or (2) PUT command.

10.0
2009-05-18 CVE-2009-1669 Smarty Improper Input Validation vulnerability in Smarty 2.6.22

The smarty_function_math function in libs/plugins/function.math.php in Smarty 2.6.22 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the equation attribute of the math function.

10.0
2009-05-18 CVE-2009-0721 HP Remote Graphics Software RGS Sender Unauthorized Access vulnerability in HP

Unspecified vulnerability in Easy Login in the Sender module in HP Remote Graphics Software (RGS) 4.0.0 through 5.2.4 allows remote attackers to execute arbitrary code via unknown vectors.

10.0
2009-05-22 CVE-2009-1774 Strawberry Path Traversal vulnerability in Strawberry 1.1.1

Directory traversal vulnerability in plugins/ddb/foot.php in Strawberry 1.1.1 allows remote attackers to include and execute arbitrary local files via a ..

9.3
2009-05-22 CVE-2009-1759 Rahul Buffer Errors vulnerability in Rahul Ctorrent and Dtorrent

Stack-based buffer overflow in the btFiles::BuildFromMI function (trunk/btfiles.cpp) in Enhanced CTorrent (aka dTorrent) 3.3.2 and probably earlier, and CTorrent 1.3.4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Torrent file containing a long path.

9.3
2009-05-21 CVE-2009-1743 Pinnaclesys Path Traversal vulnerability in Pinnaclesys Pinnacle Studio 12

Directory traversal vulnerability in InstallHFZ.exe 6.5.201.0 in Pinnacle Hollywood Effects 6, a module in Pinnacle Systems Pinnacle Studio 12, allows remote attackers to create and overwrite arbitrary files via a filename containing a ..\ (dot dot backslash) sequence in a Hollywood FX Compressed Archive (.hfz) file.

9.3
2009-05-20 CVE-2009-1740 Dlink Buffer Errors vulnerability in Dlink Mpeg4 Viewer Activex Control 2.11.918.2006

Multiple heap-based buffer overflows in the D-Link MPEG4 Viewer ActiveX Control (csviewer.ocx) 2.11.918.2006 allow remote attackers to execute arbitrary code via a long argument to the (1) SetFilePath and (2) SetClientCookie methods.

9.3
2009-05-18 CVE-2009-1675 Electrasoft Buffer Errors vulnerability in Electrasoft 32Bit FTP 09.04.24

Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows remote FTP servers to execute arbitrary code via a long 227 reply to a PASV command.

9.3
2009-05-18 CVE-2009-1674 Microchip Buffer Errors vulnerability in Microchip Mplab IDE 8.30

Stack-based buffer overflow in Microchip MPLAB IDE 8.30 allows user-assisted remote attackers to execute arbitrary code via a long .cof pathname in a [TOOL_SETTINGS] section in a .mcp file, possibly a related issue to CVE-2009-1608.

9.3
2009-05-18 CVE-2009-1672 SUN Buffer Errors vulnerability in SUN JRE 6

The Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allows remote attackers to (1) execute arbitrary code via a .jnlp URL in the argument to the launch method, and might allow remote attackers to launch JRE installation processes via the (2) installLatestJRE or (3) installJRE method.

9.3
2009-05-18 CVE-2009-1671 SUN Buffer Errors vulnerability in SUN JRE 6

Multiple buffer overflows in the Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allow remote attackers to execute arbitrary code via a long string argument to the (1) setInstallerType, (2) setAdditionalPackages, (3) compareVersion, (4) getStaticCLSID, or (5) launch method.

9.3
2009-05-18 CVE-2009-1667 Mini Stream Buffer Errors vulnerability in Mini-Stream Castripper 2.50.70

Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows remote attackers to execute arbitrary code via a long entry in a .m3u file, a different vector than CVE-2009-5137.

9.3
2009-05-18 CVE-2009-1666 Cyclomedia Memory Corruption vulnerability in Cyclomedia Cycloscopelite 2.50.3.0

Multiple unspecified vulnerabilities in CycloMedia CycloScopeLite 2.50.3.0 allow remote attackers to execute arbitrary code via the ReturnConnection method in (1) CM_ADOConnection.dll, (2) CM_AddressInfoDBC.dll, and (3) CM_RecordingLocationDBC.dll, related to improper dereferencing.

9.3
2009-05-18 CVE-2009-1660 Urusoft Buffer Errors vulnerability in Urusoft Viplay3 3.0

Stack-based buffer overflow in URUWorks ViPlay3 3.0 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long file entry in a .vpl file.

9.3

29 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-05-20 CVE-2009-1737 Diqiye Path Traversal vulnerability in Diqiye Mypic 2.1

Directory traversal vulnerability in bom.php in MyPic 2.1 allows remote attackers to list files in arbitrary directories via a ..

7.8
2009-05-22 CVE-2009-1781 Roboform, Frax Injection vulnerability in Frax PHP Recommend 1.3

Static code injection vulnerability in admin.php in Frax.dk Php Recommend 1.3 and earlier allows remote attackers to inject arbitrary PHP code into phpre_config.php via the form_aula parameter.

7.5
2009-05-22 CVE-2009-1780 Roboform, Frax Missing Authentication for Critical Function vulnerability in Frax PHP Recommend 1.3

admin.php in Frax.dk Php Recommend 1.3 and earlier does not require authentication when the user password is changed, which allows remote attackers to gain administrative privileges via modified form_admin_user and form_admin_pass parameters.

7.5
2009-05-22 CVE-2009-1779 Roboform, Frax Path Traversal vulnerability in Frax PHP Recommend 1.3

PHP remote file inclusion vulnerability in admin.php in Frax.dk Php Recommend 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the form_include_template parameter.

7.5
2009-05-22 CVE-2009-1771 Flyspeck Permissions, Privileges, and Access Controls vulnerability in Flyspeck CMS 6.8

index.php in Flyspeck CMS 6.8 does not require administrative authentication for the updateExistingContent action, which allows remote attackers to create or modify admin accounts via the (1) users[fullname], (2) users[email], (3) users[role_id], (4) users[username], and (5) users[password] parameters.

7.5
2009-05-22 CVE-2009-1770 Flyspeck Path Traversal vulnerability in Flyspeck CMS 6.8

Directory traversal vulnerability in includes/database/examples/addressbook.php in Flyspeck CMS 6.8 allows remote attackers to include and execute arbitrary local files via a ..

7.5
2009-05-22 CVE-2009-1764 Bokecc SQL Injection vulnerability in Bokecc Maxcms 2.0

SQL injection vulnerability in inc/ajax.asp in MaxCMS 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a digg action.

7.5
2009-05-22 CVE-2009-1752 Exjune Permissions, Privileges, and Access Controls vulnerability in Exjune Office Message System 1

exJune Office Message System 1 does not properly restrict access to (1) configure.asp and (2) addmessage2.asp, which allows remote attackers to gain privileges via a direct request.

7.5
2009-05-22 CVE-2009-1751 Realtywebware SQL Injection vulnerability in Realtywebware Realty Web-Base 1.0

SQL injection vulnerability in list_list.php in Realty Webware Technologies Web-Base 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2009-05-22 CVE-2009-1748 Joost Horward Path Traversal vulnerability in Joost Horward Catviz 0.4.0

Multiple directory traversal vulnerabilities in index.php in Catviz 0.4.0 Beta 1 allow remote attackers to read arbitrary files via a ..

7.5
2009-05-22 CVE-2009-1747 26Thavenue SQL Injection vulnerability in 26Thavenue Bspeak 1.10

SQL injection vulnerability in index.php in 26th Avenue bSpeak 1.10 allows remote attackers to execute arbitrary SQL commands via the forumid parameter in a post action.

7.5
2009-05-22 CVE-2008-6813 Surat Kabar SQL Injection vulnerability in Surat Kabar PHPwebnews 0.2

SQL injection vulnerability in index.php in phpWebNews 0.2 MySQL Edition allows remote attackers to execute arbitrary SQL commands via the id_kat parameter.

7.5
2009-05-22 CVE-2008-6812 Surat Kabar SQL Injection vulnerability in Surat Kabar PHPwebnews 0.1

SQL injection vulnerability in bukutamu.php in phpWebNews 0.2 MySQL Edition allows remote attackers to execute arbitrary SQL commands via the det parameter.

7.5
2009-05-21 CVE-2009-1746 Diangemilang SQL Injection vulnerability in Diangemilang Dgnews 3.0Beta

SQL injection vulnerability in berita.php in Dian Gemilang DGNews 3.0 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.

7.5
2009-05-21 CVE-2009-1594 Armorlogic Permissions, Privileges, and Access Controls vulnerability in Armorlogic Profense web Application Firewall 2.4

Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the "positive model," which allows remote attackers to bypass certain protection mechanisms via a %0A (encoded newline), as demonstrated by a %0A in a cross-site scripting (XSS) attack URL.

7.5
2009-05-20 CVE-2009-1742 Pc4Arb SQL Injection vulnerability in Pc4Arb PC4 Uploader

code.php in PC4Arb Pc4 Uploader 9.0 and earlier makes it easier for remote attackers to conduct SQL injection attacks via crafted keyword sequences that are removed from a filter in the id parameter in a banner action, as demonstrated via the "UNIunionON" string, which is collapsed into "UNION" by the filter_sql function.

7.5
2009-05-20 CVE-2009-1739 Phpeasycode Improper Input Validation vulnerability in PHPeasycode PAD Site Scripts 3.6

PAD Site Scripts 3.6 allows remote attackers to bypass authentication and gain privileges as other users, including administrative privileges, by setting the authuser cookie parameter to a valid username.

7.5
2009-05-20 CVE-2009-1736 Joomla SQL Injection vulnerability in Joomla COM Gsticketsystem

SQL injection vulnerability in the GridSupport (GS) Ticket System (com_gsticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewCategory action to index.php.

7.5
2009-05-20 CVE-2009-1734 Omnisoftsol SQL Injection vulnerability in Omnisoftsol Vidsharepro

SQL injection vulnerability in listing_video.php in VidSharePro allows remote attackers to execute arbitrary SQL commands via the catid parameter.

7.5
2009-05-20 CVE-2009-1731 Mlffat SQL Injection vulnerability in Mlffat 2.1

SQL injection vulnerability in panel/index.php in MLFFAT 2.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded supervisor cookie.

7.5
2009-05-18 CVE-2009-1678 Bitweaver Path Traversal vulnerability in Bitweaver

Directory traversal vulnerability in the saveFeed function in rss/feedcreator.class.php in Bitweaver 2.6 and earlier allows remote attackers to create or overwrite arbitrary files via a ..

7.5
2009-05-18 CVE-2009-1670 Tcpdb Improper Authentication vulnerability in Tcpdb 3.8

user/index.php in TCPDB 3.8 does not require administrative authentication, which allows remote attackers to add admin accounts via unspecified vectors.

7.5
2009-05-18 CVE-2009-1664 Easy Scripts Improper Authentication vulnerability in Easy-Scripts Answer and Question Script

myaccount.php in Easy Scripts Answer and Question Script does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via modified userid, txtpassword, and txtRpassword parameters.

7.5
2009-05-18 CVE-2009-1662 Recipescript SQL Injection vulnerability in Recipescript Recipe Script 5

Multiple SQL injection vulnerabilities in admin/login.php in Wright Way Services Recipe Script 5 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) Password fields, as reachable from admin/index.php.

7.5
2009-05-18 CVE-2009-1658 Realtywebware SQL Injection vulnerability in Realtywebware Realty Web-Base 1.0

Multiple SQL injection vulnerabilities in admin/admin.php in Realty Webware Technologies Realty Web-Base 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) user (username) and (2) password parameters.

7.5
2009-05-18 CVE-2009-1657 B2Evolution SQL Injection vulnerability in B2Evolution Starrating Plugin 0.6/0.7/0.7.5

Multiple SQL injection vulnerabilities in the Starrating plugin before 0.7.7 for b2evolution allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2009-05-18 CVE-2008-6810 Bookingcentre SQL Injection vulnerability in Bookingcentre Booking System for Hotels Group 2.01

Multiple SQL injection vulnerabilities in admin/checklogin.php in Venalsur Booking Centre Booking System for Hotels Group 2.01 allow remote attackers to execute arbitrary SQL commands via the (1) myusername (username) and (2) password parameters.

7.5
2009-05-18 CVE-2008-6809 Bookingcentre SQL Injection vulnerability in Bookingcentre Booking System for Hotels Group 2.01

SQL injection vulnerability in hotel_habitaciones.php in Venalsur Booking Centre Booking System for Hotels Group 2.01 allows remote attackers to execute arbitrary SQL commands via the HotelID parameter.

7.5
2009-05-22 CVE-2009-1763 SUN Local Code Execution vulnerability in Sun Solaris Secure Digital Slot Driver (sdhost(7D))

Unspecified vulnerability in the Solaris Secure Digital slot driver (aka sdhost) in Sun OpenSolaris snv_105 through snv_108 on the x86 platform allows local users to gain privileges or cause a denial of service (filesystem or memory corruption) via unknown vectors.

7.2

42 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-05-22 CVE-2009-1782 F Secure Unspecified vulnerability in F-Secure products

Multiple F-Secure anti-virus products, including Anti-Virus for Microsoft Exchange 7.10 and earlier; Internet Gatekeeper for Windows 6.61 and earlier, Windows 6.61 and earlier, and Linux 2.16 and earlier; Internet Security 2009 and earlier, Anti-Virus 2009 and earlier, Client Security 8.0 and earlier, and others; allow remote attackers to bypass malware detection via a crafted (1) ZIP and (2) RAR archive.

6.8
2009-05-22 CVE-2009-1778 Bigace SQL Injection vulnerability in Bigace CMS 2.5

SQL injection vulnerability in the new user registration feature in BigACE CMS 2.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.

6.8
2009-05-22 CVE-2009-1381 Squirrelmail Unspecified vulnerability in Squirrelmail Imap General.PHP and Squirrelmail

The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.19-1 on Debian GNU/Linux, and possibly other operating systems and versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program.

6.8
2009-05-22 CVE-2009-1765 Pluck CMS Path Traversal vulnerability in Pluck-Cms Pluck 4.6.2

Multiple directory traversal vulnerabilities in pluck 4.6.2, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a ..

6.8
2009-05-22 CVE-2009-1757 Transmissionbt Cross-Site Request Forgery (CSRF) vulnerability in Transmissionbt Transmission

Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6.8
2009-05-20 CVE-2009-1741 Dutchmonkey SQL Injection vulnerability in Dutchmonkey DM Filemanager 3.9.2

Multiple SQL injection vulnerabilities in login.php in DM FileManager 3.9.2, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields.

6.8
2009-05-20 CVE-2009-1733 Richard Ellerbrock Cross-Site Request Forgery (CSRF) vulnerability in Richard Ellerbrock Ipplan 4.91A

Cross-site request forgery (CSRF) vulnerability in IPplan 4.91a allows remote attackers to hijack the authentication of administrators for requests that (1) change the password, (2) add users, or (3) delete users via unknown vectors.

6.8
2009-05-19 CVE-2009-1252 NTP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in NTP

Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field.

6.8
2009-05-18 CVE-2009-1663 Easy Scripts File-Upload vulnerability in Answer And Question Script

Unrestricted file upload vulnerability in myaccount.php in Easy Scripts Answer and Question Script allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads/[username] directory.

6.8
2009-05-18 CVE-2009-1661 Anoldman SQL Injection vulnerability in Anoldman Utopic 1.0

SQL injection vulnerability in admin/utopic.php in uTopic 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the rating parameter to index.php.

6.8
2009-05-18 CVE-2009-1659 Intelliants Arbitrary File Upload and Authentication Bypass vulnerability in Intelliants Elitius 1.0

Unrestricted file upload vulnerability in admin/uploadimage.php in eLitius 1.0 allows remote attackers to bypass intended access restrictions and upload and execute arbitrary files via an avatar file with an accepted Content-Type such as image/gif, then requesting the file in admin/banners/.

6.8
2009-05-18 CVE-2008-6811 Instinct, Wordpress Unspecified vulnerability in Instinct E-Commerce Plugin

Unrestricted file upload vulnerability in image_processing.php in the e-Commerce Plugin 3.4 and earlier for Wordpress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/plugins/wp-shopping-cart/.

6.8
2009-05-18 CVE-2009-1677 Bitweaver Code Injection vulnerability in Bitweaver

Multiple static code injection vulnerabilities in the saveFeed function in rss/feedcreator.class.php in Bitweaver 2.6 and earlier allow (1) remote authenticated users to inject arbitrary PHP code into files by placing PHP sequences into the account's "display name" setting and then invoking boards/boards_rss.php, and might allow (2) remote attackers to inject arbitrary PHP code into files via the HTTP Host header in a request to boards/boards_rss.php.

6.5
2009-05-22 CVE-2009-1766 Teozkr SQL Injection vulnerability in Teozkr Lightopencms 0.1

SQL injection vulnerability in index.php in LightOpenCMS 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

6.4
2009-05-18 CVE-2009-1665 Easy Scripts Permissions, Privileges, and Access Controls vulnerability in Easy-Scripts Answer and Question Script

myaccount.php in Easy Scripts Answer and Question Script allows remote attackers to remove arbitrary user accounts via a modified userid parameter without specifying any additional fields.

6.4
2009-05-22 CVE-2009-1750 Omnisoftsol Unspecified vulnerability in Omnisoftsol Vidsharepro

Unrestricted file upload vulnerability in VidSharePro allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors.

6.0
2009-05-22 CVE-2009-1777 Matt Wright Improper Input Validation vulnerability in Matt Wright Formmail 1.92

CRLF injection vulnerability in FormMail.pl in Matt Wright FormMail 1.92, and possibly earlier, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the redirect parameter.

5.0
2009-05-22 CVE-2009-1773 Activecollab Improper Input Validation vulnerability in Activecollab 2.1

activeCollab 2.1 Corporate allows remote attackers to obtain sensitive information via an invalid re_route parameter to the login script, which reveals the installation path in an error message.

5.0
2009-05-22 CVE-2009-1769 Ocsinventory NG Information Exposure vulnerability in Ocsinventory-Ng OCS Inventory NG 1.01

The web interface in Open Computer and Software Inventory Next Generation (OCS Inventory NG) 1.01 generates different error messages depending on whether a username is valid, which allows remote attackers to enumerate valid usernames.

5.0
2009-05-22 CVE-2009-1768 Ramazeiten Path Traversal vulnerability in Ramazeiten products

Directory traversal vulnerability in download.php in Rama Zaiten CMS 0.9.8 and earlier allows remote attackers to read arbitrary files via a ..

5.0
2009-05-22 CVE-2009-1767 2Daybiz Permissions, Privileges, and Access Controls vulnerability in 2Daybiz Template Monster Clone

admin/edituser.php in 2daybiz Template Monster Clone does not require administrative authentication, which allows remote attackers to modify arbitrary accounts via the (1) loginname, (2) password, (3) email, (4) firstname, or (5) lastname parameter.

5.0
2009-05-22 CVE-2009-1758 Linux, XEN Resource Management Errors vulnerability in XEN

The hypervisor_callback function in Xen, possibly before 3.4.0, as applied to the Linux kernel 2.6.30-rc4, 2.6.18, and probably other versions allows guest user applications to cause a denial of service (kernel oops) of the guest OS by triggering a segmentation fault in "certain address ranges."

5.0
2009-05-22 CVE-2009-1755 Nlnetlabs Numeric Errors vulnerability in Nlnetlabs NSD

Off-by-one error in the packet_read_query_section function in packet.c in nsd 3.2.1, and process_query_section in query.c in nsd 2.3.7, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a buffer overflow.

5.0
2009-05-19 CVE-2009-1379 Openssl Resource Management Errors vulnerability in Openssl 1.0.0

Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate.

5.0
2009-05-19 CVE-2009-1378 Openssl, Openssl Project Resource Management Errors vulnerability in multiple products

Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."

5.0
2009-05-19 CVE-2009-1377 Openssl, Openssl Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug."

5.0
2009-05-18 CVE-2009-1673 SUN Local Denial Of Service vulnerability in SUN Solaris 9

The kernel in Sun Solaris 9 allows local users to cause a denial of service (panic) by calling fstat with a first argument of AT_FDCWD.

4.9
2009-05-22 CVE-2009-1785 Ulteo Cross-Site Scripting vulnerability in Ulteo Open Virtual Desktop 1.0

Cross-site scripting (XSS) vulnerability in Ulteo Open Virtual Desktop 1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter to header.php.

4.3
2009-05-22 CVE-2009-1776 Matt Wright Cross-Site Scripting vulnerability in Matt Wright Formmail

Multiple cross-site scripting (XSS) vulnerabilities in FormMail.pl in Matt Wright FormMail 1.92, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via javascript: URIs in the (1) request and (2) return_link_url parameters.

4.3
2009-05-22 CVE-2009-1775 Ulteo Cross-Site Scripting vulnerability in Ulteo Open Virtual Desktop 1.0

Multiple cross-site scripting (XSS) vulnerabilities in Ulteo Open Virtual Desktop 1.0 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) admin/applications.php, (2) admin/appsgroup.php, (3) admin/users.php, (4) admin/usersgroup.php, and (5) admin/tasks.php; (6) show parameter to admin/logs.php; and (7) mode parameter to admin/configuration-partial.php.

4.3
2009-05-22 CVE-2009-1772 Activecollab Cross-Site Scripting vulnerability in Activecollab 2.1

Cross-site scripting (XSS) vulnerability in activeCollab 2.1 Corporate allows remote attackers to inject arbitrary web script or HTML via the re_route parameter to the login script.

4.3
2009-05-22 CVE-2009-1762 Novell Cross-Site Scripting vulnerability in Novell Groupwise

Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess login page (aka gw/webacc) in Novell GroupWise 7.x before 7.03 HP2 allow remote attackers to inject arbitrary web script or HTML via the (1) GWAP.version or (2) User.Theme (aka User.Theme.index) parameter.

4.3
2009-05-22 CVE-2009-1635 Novell Cross-Site Scripting vulnerability in Novell Groupwise

Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to inject arbitrary web script or HTML via (1) the User.lang parameter to the login page (aka gw/webacc), (2) style expressions in a message that contains an HTML file, or (3) vectors associated with incorrect protection mechanisms against scripting, as demonstrated using whitespace between JavaScript event names and values.

4.3
2009-05-22 CVE-2009-1749 Joost Horward Cross-Site Scripting vulnerability in Joost Horward Catviz 0.4.0

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Catviz 0.4.0 beta 1 allow remote attackers to inject arbitrary web script or HTML via the (1) userman_form and (2) webpages_form parameters.

4.3
2009-05-21 CVE-2009-1729 SUN Cross-Site Scripting vulnerability in SUN Java System Communications Express 6.2/6.3

Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express 6 2005Q4 (aka 6.2) and 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the abperson_displayName parameter to uwc/abs/search.xml in the Add Contact implementation in the Personal Address Book component or (2) the temporaryCalendars parameter to uwc/base/UWCMain.

4.3
2009-05-21 CVE-2009-1593 Armorlogic Cross-Site Scripting vulnerability in Armorlogic Profense web Application Firewall 2.4

Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the "negative model," which allows remote attackers to conduct cross-site scripting (XSS) attacks via a modified end tag of a SCRIPT element.

4.3
2009-05-21 CVE-2009-1744 Pinnaclesys Path Traversal vulnerability in Pinnaclesys Pinnacle Studio 12

InstallHFZ.exe 6.5.201.0 in Pinnacle Hollywood Effects 6, a module in Pinnacle Systems Pinnacle Studio 12, allows remote attackers to cause a denial of service (application crash) via a crafted Hollywood FX Compressed Archive (.hfz) file.

4.3
2009-05-20 CVE-2009-1735 Omnisoftsol Cross-Site Scripting vulnerability in Omnisoftsol Vidsharepro

Cross-site scripting (XSS) vulnerability in search.php in VidSharePro allows remote attackers to inject arbitrary web script or HTML via the searchtxt parameter.

4.3
2009-05-20 CVE-2009-1732 Richard Ellerbrock Cross-Site Scripting vulnerability in Richard Ellerbrock Ipplan 4.91A

Cross-site scripting (XSS) vulnerability in admin/usermanager in IPplan 4.91a allows remote attackers to inject arbitrary web script or HTML via the grp parameter.

4.3
2009-05-19 CVE-2009-1418 HP Cross-Site Scripting vulnerability in HP System Management Homepage

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 3.0.1.73 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-05-21 CVE-2009-0897 IBM Information Disclosure vulnerability in IBM WebSphere Partner Gateway 'bcgarchive'

IBM WebSphere Partner Gateway (WPG) 6.1.0 before 6.1.0.1 and 6.1.1 before 6.1.1.1 allows remote authenticated users to obtain sensitive information via vectors related to the "schema DB2 instance id" and the bcgarchive (aka the archiver script).

4.0
2009-05-18 CVE-2009-1668 Typsoft Improper Input Validation vulnerability in Typsoft FTP Server 1.11

TYPSoft FTP Server 1.11 allows remote attackers to cause a denial of service (CPU consumption) by sending an ABOR (abort) command without an active file transfer.

4.0

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-05-20 CVE-2009-1738 Ivanjaros, Drupal Cross-Site Scripting vulnerability in Ivanjaros Feed Block 6.X1.0/6.X1.X

Cross-site scripting (XSS) vulnerability in Feed Block 6.x-1.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with administrator feed permissions to inject arbitrary web script or HTML via unspecified vectors in "aggregator items."

3.5
2009-05-22 CVE-2009-1753 EMN Link Following vulnerability in EMN Coccinelle 0.1.7

Coccinelle 0.1.7 allows local users to overwrite arbitrary files via a symlink attack on an unspecified "result file."

3.3
2009-05-22 CVE-2009-1756 Simone Rota Information Exposure vulnerability in Simone Rota Slim Simple Login Manager 1.3.0

SLiM Simple Login Manager 1.3.0 places the X authority magic cookie (mcookie) on the command line when invoking xauth from (1) app.cpp and (2) switchuser.cpp, which allows local users to access the X session by listing the process and its arguments.

2.1