Weekly Vulnerabilities Reports > June 22 to 28, 2009

Overview

106 new vulnerabilities were reported during this period, including 15 critical vulnerabilities and 27 high severity vulnerabilities. This weekly summary reports vulnerabilities in 95 products from 81 vendors, including Cisco, Torrenttrader, Fuzzylime, IBM, and Drupal. The most common vulnerability categories are "Cross-site Scripting", "SQL Injection", "Path Traversal", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Resource Management Errors".

  • 104 reported vulnerabilities are remotely exploitable.
  • 55 reported vulnerabilities have a public exploit available.
  • 67 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 98 reported vulnerabilities are exploitable by an anonymous user.
  • Cisco has the most reported vulnerabilities, with 6 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:

15 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-06-26 CVE-2009-2227 Blabsoft Buffer Errors vulnerability in Blabsoft Bopup Communication Server 3.2.26.5460

Stack-based buffer overflow in B Labs Bopup Communication Server 3.2.26.5460 allows remote attackers to execute arbitrary code via a crafted request to TCP port 19810.

10.0
2009-06-26 CVE-2009-1628 Unisys, Microsoft Buffer Errors vulnerability in Unisys Business Information Server 10/10.1

Stack-based buffer overflow in mnet.exe in Unisys Business Information Server (BIS) 10 and 10.1 on Windows allows remote attackers to execute arbitrary code via a crafted TCP packet.

10.0
2009-06-22 CVE-2008-6834 Fuzzylime Path Traversal vulnerability in Fuzzylime (Cms) 3.0.1/3.0.1A

Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.01 and 3.01a allow remote attackers to include and execute arbitrary local files via a ..

10.0
2009-06-22 CVE-2008-6833 Fuzzylime Path Traversal vulnerability in Fuzzylime (Cms) 3.0/3.0.1/3.0.1A

Directory traversal vulnerability in commsrss.php in fuzzylime (cms) before 3.01b allows remote attackers to include and execute arbitrary local files via a ..

10.0
2009-06-26 CVE-2009-1394 Microsoft, Motorola Buffer Errors vulnerability in Motorola Timbuktu PRO 8.6.5

Stack-based buffer overflow in Motorola Timbuktu Pro 8.6.5 on Windows allows remote attackers to execute arbitrary code by sending a long malformed string over the PlughNTCommand named pipe.

9.3
2009-06-26 CVE-2009-2225 Surething Buffer Errors vulnerability in Surething Cd/Dvd Labeler 5.1.616

Stack-based buffer overflow in SureThing CD/DVD Labeler 5.1.616 trial version allows user-assisted remote attackers to execute arbitrary code via a crafted (1) m3u or (2) pls playlist file.

9.3
2009-06-26 CVE-2009-2223 Teozkr Path Traversal vulnerability in Teozkr Lightopencms 0.1

Directory traversal vulnerability in locms/smarty.php in LightOpenCMS 0.1 allows remote attackers to include and execute arbitrary local files via a ..

9.3
2009-06-25 CVE-2009-2210 Mozilla Unspecified vulnerability in Mozilla Seamonkey and Thunderbird

Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a multipart/alternative e-mail message containing a text/enhanced part that triggers access to an incorrect object type.

9.3
2009-06-25 CVE-2009-2186 Adobe Unspecified vulnerability in Adobe Shockwave Player

Unspecified vulnerability in Adobe Shockwave Player before 11.0.0.465 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2009-1860, related to an older issue that "was previously resolved in Shockwave Player 11.0.0.465."

9.3
2009-06-25 CVE-2009-1886 Samba Use of Externally-Controlled Format String vulnerability in Samba

Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename.

9.3
2009-06-25 CVE-2009-1860 Adobe Remote Code Execution vulnerability in Adobe Shockwave Player Director File Parsing

Unspecified vulnerability in Adobe Shockwave Player before 11.5.0.600 allows remote attackers to execute arbitrary code via crafted Shockwave Player 10 content.

9.3
2009-06-23 CVE-2009-2121 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome

Buffer overflow in the browser kernel in Google Chrome before 2.0.172.33 allows remote HTTP servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted response.

9.3
2009-06-23 CVE-2009-0691 Foxitsoftware Resource Management Errors vulnerability in Foxitsoftware Foxit Reader and Jpeg2000 Jbig2 Decoder Add-On

The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit Reader 3.0 before Build 1817 does not properly handle a fatal error during decoding of a JPEG2000 (aka JPX) header, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted PDF file that triggers an invalid memory access.

9.3
2009-06-23 CVE-2009-0690 Foxitsoftware Numeric Errors vulnerability in Foxitsoftware Foxit Reader and Jpeg2000/Jbig2 Decoder Add-On

The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit Reader 3.0 before Build 1817 does not properly handle a negative value for the stream offset in a JPEG2000 (aka JPX) stream, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted PDF file that triggers an out-of-bounds read.

9.3
2009-06-22 CVE-2009-2169 Edraw Code Injection vulnerability in Edraw PDF Viewer Component

Insecure method vulnerability in the PDFVIEWER.PDFViewerCtrl.1 ActiveX control (pdfviewer.ocx) in Edraw PDF Viewer Component before 3.2.0.126 allows remote attackers to create and overwrite arbitrary files via a URL argument to the FtpConnect argument and a target filename argument to the FtpDownloadFile method.

9.3

27 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-06-25 CVE-2009-2045 Cisco Unspecified vulnerability in Cisco Video Surveillance Stream Manager 5.0/5.1

The Cisco Video Surveillance Stream Manager firmware before 5.3, as used on Cisco Video Surveillance Services Platforms and Video Surveillance Integrated Services Platforms, allows remote attackers to cause a denial of service (reboot) via a malformed payload in a UDP packet to port 37000, related to the xvcrman process, aka Bug ID CSCsj47924.

7.8
2009-06-25 CVE-2009-1163 Cisco Resource Management Errors vulnerability in Cisco Physical Access Gateway

Memory leak on the Cisco Physical Access Gateway with software before 1.1 allows remote attackers to cause a denial of service (memory consumption) via unspecified TCP packets.

7.8
2009-06-27 CVE-2009-2243 Aaronoutpost SQL Injection vulnerability in Aaronoutpost ASP Inline Corporate Calendar

SQL injection vulnerability in active_appointments.asp in ASP Inline Corporate Calendar allows remote attackers to execute arbitrary SQL commands via the sortby parameter.

7.5
2009-06-27 CVE-2009-2239 Joomla SQL Injection vulnerability in Joomla products

SQL injection vulnerability in the (1) casinobase (com_casinobase), (2) casino_blackjack (com_casino_blackjack), and (3) casino_videopoker (com_casino_videopoker) components 0.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.

7.5
2009-06-27 CVE-2009-2237 Drupal, Karim Ratib Unspecified vulnerability in Karim Ratib Views Bulk Operations

Unspecified vulnerability in Views Bulk Operations 5.x-1.x before 5.x-1.4 and 6.x-1.x before 6.x-1.7, a module for Drupal, allows remote attackers to bypass intended access restrictions and modify "nodes or classes of nodes" via unknown vectors, probably related to registered procedures (aka actions).

7.5
2009-06-27 CVE-2009-2236 Yourarticlesdirectory SQL Injection vulnerability in Yourarticlesdirectory Your Articles Directory

SQL injection vulnerability in yad-admin/login.php in Your Article Directory allows remote attackers to execute arbitrary SQL commands via the txtAdminEmail parameter.

7.5
2009-06-27 CVE-2009-2235 Yourarticlesdirectory SQL Injection vulnerability in Yourarticlesdirectory Your Articles Directory

SQL injection vulnerability in page.php in Your Articles Directory allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2009-06-27 CVE-2009-2234 Vicidial SQL Injection vulnerability in Vicidial Call Center Suite 2.0.5173

Multiple SQL injection vulnerabilities in admin.php in VICIDIAL Call Center Suite 2.0.5-173 allow remote attackers to execute arbitrary SQL commands via the (1) Username parameter ($PHP_AUTH_USER) and (2) Password parameter ($PHP_AUTH_PW).

7.5
2009-06-27 CVE-2008-6837 Zoph SQL Injection vulnerability in Zoph 0.7.2.1

SQL injection vulnerability in Zoph 0.7.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different issue than CVE-2008-3258.

7.5
2009-06-26 CVE-2009-2233 Awscripts Improper Authentication vulnerability in Awscripts Gallery Search Engine 1.5

The admin interface in AWScripts.com Gallery Search Engine 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the awse_logged cookie to 1.

7.5
2009-06-26 CVE-2009-2232 Softbizscripts SQL Injection vulnerability in Softbizscripts Banner AD Management Script

SQL injection vulnerability in image.php in Softbiz Banner Ad Management Script allows remote attackers to execute arbitrary SQL commands via the size_id parameter.

7.5
2009-06-26 CVE-2009-2231 MID AS Improper Authentication vulnerability in Mid.As Midas 1.43

MIDAS 1.43 allows remote attackers to bypass authentication and obtain administrative access via an admin account record in a MIDAS cookie.

7.5
2009-06-26 CVE-2009-2230 Mybulletinboard SQL Injection vulnerability in Mybulletinboard

SQL injection vulnerability in inc/datahandlers/user.php in MyBB (aka MyBulletinBoard) before 1.4.7 allows remote authenticated users to execute arbitrary SQL commands via the birthdayprivacy parameter.

7.5
2009-06-25 CVE-2009-2209 RS CMS SQL Injection vulnerability in Rs-Cms 2.1

SQL injection vulnerability in rscms_mod_newsview.php in RS-CMS 2.1 allows remote attackers to execute arbitrary SQL commands via the key parameter.

7.5
2009-06-25 CVE-2009-0903 IBM Unspecified vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3, and the Feature Pack for Web Services for WAS 6.1 before 6.1.0.25, when a WS-Security policy is established at the operation level, does not properly handle inbound requests that lack a SOAPAction or WS-Addressing Action, which allows remote attackers to bypass intended access restrictions via a crafted request to a JAX-WS application.

7.5
2009-06-23 CVE-2009-2183 Campware ORG Path Traversal vulnerability in Campware.Org Campsite 3.3.0

Directory traversal vulnerability in admin-files/ad.php in Campsite 3.3.0 RC1 allows remote attackers to read and possibly execute arbitrary local files via a ..

7.5
2009-06-23 CVE-2009-2179 W2B SQL Injection vulnerability in W2B PHPdatingclub 3.7

SQL injection vulnerability in search.php in phpDatingClub 3.7 allows remote attackers to execute arbitrary SQL commands via the sform[day] parameter.

7.5
2009-06-23 CVE-2009-2176 Fuzzylime Path Traversal vulnerability in Fuzzylime CMS 3.03A

Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.03a and earlier, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) list parameter to code/confirm.php and the (2) template parameter to code/display.php.

7.5
2009-06-22 CVE-2009-2168 Egyplus Improper Authentication vulnerability in Egyplus 7Ammel

cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier sends a redirect to the web browser but does not exit when the supplied credentials are incorrect, which allows remote attackers to bypass authentication by providing arbitrary username and password parameters.

7.5
2009-06-22 CVE-2009-2165 Serendipitynz Unspecified vulnerability in Serendipitynz Serene Bach

SerendipityNZ (aka SimpleBoxes) Serene Bach 2.20R and earlier, and 3.00 beta023 and earlier 3.x versions, uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id.

7.5
2009-06-22 CVE-2009-2158 Torrenttrader Credentials Management vulnerability in Torrenttrader Classic 1.09

account-recover.php in TorrentTrader Classic 1.09 chooses random passwords from an insufficiently large set, which makes it easier for remote attackers to obtain a password via a brute-force attack.

7.5
2009-06-22 CVE-2009-2152 Isabela Gasparini SQL Injection vulnerability in Isabela Gasparini Adaptweb 0.9.2

SQL injection vulnerability in a_index.php in AdaptWeb 0.9.2 allows remote attackers to execute arbitrary SQL commands via the CodigoDisciplina parameter in a TopicosCadastro1 action.

7.5
2009-06-22 CVE-2009-2148 Campusvirtualcomputrade SQL Injection vulnerability in Campusvirtualcomputrade Campus Virtual-Lms

SQL injection vulnerability in news/index.php in Campus Virtual-LMS allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2009-06-22 CVE-2009-2147 Phpwebthings SQL Injection vulnerability in PHPwebthings

SQL injection vulnerability in fdown.php in phpWebThings 1.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2009-06-22 CVE-2009-2144 Edgewall, Firestats, Wordpress SQL Injection vulnerability in multiple products

SQL injection vulnerability in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2009-06-22 CVE-2009-2143 Wordpress, Firestats Code Injection vulnerability in Firestats

PHP remote file inclusion vulnerability in firestats-wordpress.php in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the fs_javascript parameter.

7.5
2009-06-22 CVE-2009-2142 Zipstore SQL Injection vulnerability in Zipstore ZIP Store Chat 4.0/5.0

Multiple SQL injection vulnerabilities in admin/index.asp in Zip Store Chat 4.0 and 5.0 allow remote attackers to execute arbitrary SQL commands via the (1) login and (2) senha parameters.

7.5

61 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-06-27 CVE-2009-2242 Aaronoutpost SQL Injection vulnerability in Aaronoutpost ASP Inline Corporate Calendar

SQL injection vulnerability in active_appointments.asp in ASP Inline Corporate Calendar allows remote attackers to execute arbitrary SQL commands via the order parameter.

6.8
2009-06-27 CVE-2009-2238 Dmxready Unspecified vulnerability in Dmxready Registration Manager 1.1

Unrestricted file upload vulnerability in includes/shared_scripts/wysiwyg_editor/assetmanager/assetmanager.asp in DMXReady Registration Manager 1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in assets/webblogmanager.

6.8
2009-06-27 CVE-2008-6836 Drupal, Peter Wolanin Cross-Site Request Forgery (CSRF) vulnerability in Peter Wolanin Openid 5.X1.0/5.X1.1/5.X1.X

Cross-site request forgery (CSRF) vulnerability in OpenID 5.x before 5x.-1.2, a module for Drupal, allows remote attackers to hijack the authentication of unspecified victims to delete OpenID identities via unknown vectors.

6.8
2009-06-25 CVE-2009-2218 David Degner Code Injection vulnerability in David Degner PHPcollegeexchange 0.1.5C

Multiple PHP remote file inclusion vulnerabilities in phpCollegeExchange 0.1.5c, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the home parameter to (1) i_head.php, (2) i_nav.php, (3) user_new_2.php, or (4) house/myrents.php; or (5) allbooks.php, (6) home.php, or (7) mybooks.php in books/.

6.8
2009-06-25 CVE-2009-2046 Cisco Information Exposure vulnerability in Cisco Video Surveillance 2500 Series IP Camera

The embedded web server on the Cisco Video Surveillance 2500 Series IP Camera with firmware before 2.1 allows remote attackers to read arbitrary files via a (1) http or (2) https request, related to the (a) SD Camera Web Server and the (b) Wireless Camera HTTP Server, aka Bug IDs CSCsu05515 and CSCsr96497.

6.8
2009-06-23 CVE-2009-2182 Campware ORG Code Injection vulnerability in Campware.Org Campsite 3.3.0

Multiple PHP remote file inclusion vulnerabilities in Campsite 3.3.0 RC1 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[g_campsiteDir] parameter to (1) ad_popup.php, (2) camp_html.php, (3) init_content.php, (4) logout.php, (5) menu.php, and (6) set-author.php in admin-files/; (7) conf/liveuser_configuration.php; (8) include/phorum_load.php; (9) CommandProcessor.php and (10) index.php in admin-files/article_import; and (11) add.php, (12) add_move.php, (13) autopublish.php, and (14) autopublish_del.php in admin-files/articles/.

6.8
2009-06-23 CVE-2009-2177 Fuzzylime Path Traversal vulnerability in Fuzzylime CMS 3.03A

code/display.php in fuzzylime (cms) 3.03a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to conduct directory traversal attacks and overwrite arbitrary files via a "....//" (dot dot) in the s parameter, which is collapsed into a "../" value.

6.8
2009-06-22 CVE-2009-2167 Egyplus SQL Injection vulnerability in Egyplus 7Ammel

Multiple SQL injection vulnerabilities in cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter.

6.8
2009-06-22 CVE-2009-2164 Kjtechforce SQL Injection vulnerability in Kjtechforce Mailman Beta1

Multiple SQL injection vulnerabilities in Kjtechforce mailman beta1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the code parameter to activate.php or (2) the dest parameter to index.php.

6.8
2009-06-22 CVE-2009-2154 Sappy DK SQL Injection vulnerability in Sappy.Dk Impleo Music Collection 2.0

SQL injection vulnerability in admin/login.php in Impleo Music Collection 2.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.

6.8
2009-06-22 CVE-2009-2150 Campusvirtualcomputrade Cross-Site Request Forgery (CSRF) vulnerability in Campusvirtualcomputrade Campus Virtual-Lms

Multiple cross-site request forgery (CSRF) vulnerabilities in Campus Virtual-LMS allow (1) remote attackers to hijack the authentication of arbitrary users for requests that terminate a session via login/logout.php, and might allow remote attackers to hijack the authentication of certain users via a (2) ADD or (3) DELETE action to enrolments/step2.php.

6.8
2009-06-22 CVE-2009-2157 Torrenttrader SQL Injection vulnerability in Torrenttrader Classic 1.09

Multiple SQL injection vulnerabilities in TorrentTrader Classic 1.09 allow remote authenticated users to execute arbitrary SQL commands via (1) the origmsg parameter to account-inbox.php; the categ parameter to (2) delreq.php and (3) admin-delreq.php; (4) the choice parameter to index.php; (5) the id parameter to modrules.php in an edited (aka edit) action; the (6) user, (7) torrent, (8) forumid, and (9) forumpost parameters to report.php; (10) the delmp parameter to take-deletepm.php; (11) the delreport parameter to takedelreport.php; (12) the delreq parameter to takedelreq.php; (13) the clases parameter to takestaffmess.php; and (14) the warndisable parameter to takewarndisable.php; and allow remote attackers to execute arbitrary SQL commands via (15) the wherecatin parameter to browse.php, (16) the limit parameter to today.php, and (17) the where parameter to torrents-details.php.

6.5
2009-06-22 CVE-2009-2159 Torrenttrader Improper Authentication vulnerability in Torrenttrader Classic 1.09

backup-database.php in TorrentTrader Classic 1.09 does not require administrative authentication, which allows remote attackers to create and download a backup database by making a direct request and then retrieving a .gz file from backups/.

6.4
2009-06-25 CVE-2009-2213 Citrix Configuration vulnerability in Citrix products

The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access restrictions.

6.3
2009-06-25 CVE-2009-1203 Cisco Authentication Form Phishing vulnerability in Cisco Adaptive Security Appliance 8.0(4)/8.1.2/8.2.1

WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 does not properly distinguish its own login screen from the login screens it produces for third-party (1) FTP and (2) CIFS servers, which makes it easier for remote attackers to trick a user into sending WebVPN credentials to an arbitrary server via a URL associated with that server, aka Bug ID CSCsy80709.

6.0
2009-06-22 CVE-2009-2146 Sugarcrm Unspecified vulnerability in Sugarcrm

Unrestricted file upload vulnerability in the Compose Email feature in the Emails module in Sugar Community Edition (aka SugarCRM) before 5.2f allows remote authenticated users to execute arbitrary code by uploading a file with only an extension in its name, then accessing the file via a direct request to a modified filename under cache/modules/Emails/, as demonstrated using .php as the entire original name.

6.0
2009-06-25 CVE-2009-1888 Samba, Debian, Canonical Permissions, Privileges, and Access Controls vulnerability in multiple products

The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory.

5.8
2009-06-26 CVE-2009-2220 Tribiq Path Traversal vulnerability in Tribiq CMS 5.0.12C

Multiple directory traversal vulnerabilities in Tribiq CMS 5.0.12c, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and possibly execute arbitrary files via directory traversal sequences in the template_path parameter to (1) masthead.inc.php, (2) toppanel.inc.php, and (3) contact.inc.php in templates/mytribiqsite/tribiq-CL-9000/includes; and the use_template_family parameter to (4) templates/mytribiqsite/tribiq-CL-9000/includes/nlarlist_content.inc.php.

5.1
2009-06-22 CVE-2009-2161 Torrenttrader Path Traversal vulnerability in Torrenttrader Classic 1.09

Directory traversal vulnerability in backend/admin-functions.php in TorrentTrader Classic 1.09, when used on a case-insensitive web site, allows remote attackers to include and execute arbitrary local files via a ..

5.1
2009-06-26 CVE-2009-2229 Kasseler CMS Path Traversal vulnerability in Kasseler-Cms Kasseler CMS 1.3.5

Directory traversal vulnerability in engine.php in Kasseler CMS 1.3.5 lite allows remote attackers to read arbitrary files via a ..

5.0
2009-06-26 CVE-2009-1887 RED HAT, Redhat, NET Snmp Numeric Errors vulnerability in multiple products

agent/snmp_agent.c in snmpd in net-snmp 5.0.9 in Red Hat Enterprise Linux (RHEL) 3 allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP GETBULK request that triggers a divide-by-zero error.

5.0
2009-06-26 CVE-2009-2222 PHP S3 Path Traversal vulnerability in PHP.S3 PHP-I-Board 1.0/1.1

Directory traversal vulnerability in PHP-I-BOARD 1.2 and earlier allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors, probably related to mail.

5.0
2009-06-25 CVE-2009-2214 Citrix Resource Management Errors vulnerability in Citrix Secure Gateway 3.0

The Secure Gateway service in Citrix Secure Gateway 3.1 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an unspecified request.

5.0
2009-06-25 CVE-2009-2212 IBM Unspecified vulnerability in IBM Rational Clearquest

The CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5 allows attackers to discover a (1) username or (2) password via unspecified vectors.

5.0
2009-06-25 CVE-2009-2185 Strongswan, Xelerance Improper Input Validation vulnerability in multiple products

The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and (b) openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial of service (pluto IKE daemon crash) via an X.509 certificate with (1) crafted Relative Distinguished Names (RDNs), (2) a crafted UTCTIME string, or (3) a crafted GENERALIZEDTIME string.

5.0
2009-06-23 CVE-2009-2184 Gravy Media Path Traversal vulnerability in Gravy-Media Media Photo Host 1.0.8

Absolute path traversal vulnerability in forcedownload.php in Gravy Media Photo Host 1.0.8 allows remote attackers to read arbitrary files via an encoded "/" (slash) in the file parameter.

5.0
2009-06-23 CVE-2009-2180 Pc4Arb Path Traversal vulnerability in Pc4Arb PC4 Uploader 10.0

Multiple directory traversal vulnerabilities in upfiles/index.php in Pc4 Uploader 10.0 and earlier allow remote attackers to read arbitrary files via (1) a ..

5.0
2009-06-23 CVE-2009-2174 Gupnp Denial Of Service vulnerability in Gupnp 0.12.7

GUPnP 0.12.7 allows remote attackers to cause a denial of service (crash) via an empty (1) subscription or (2) control message.

5.0
2009-06-22 CVE-2009-2166 Ocsinventory NG, Unix Path Traversal vulnerability in Ocsinventory-Ng OCS Inventory NG 1.0/1.01/1.02

Absolute path traversal vulnerability in cvs.php in OCS Inventory NG before 1.02.1 on Unix allows remote attackers to read arbitrary files via a full pathname in the log parameter.

5.0
2009-06-22 CVE-2009-2160 Torrenttrader Permissions, Privileges, and Access Controls vulnerability in Torrenttrader Classic 1.09

TorrentTrader Classic 1.09 allows remote attackers to (1) obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function; and allows remote attackers to (2) obtain other potentially sensitive information via a direct request to check.php.

5.0
2009-06-22 CVE-2009-2151 Adaptweb Path Traversal vulnerability in Adaptweb 0.9.2

Directory traversal vulnerability in index.php in AdaptWeb 0.9.2 allows remote attackers to read arbitrary files via a ..

5.0
2009-06-25 CVE-2009-2187 SUN Resource Management Errors vulnerability in SUN Opensolaris and Solaris

Multiple memory leaks in the (1) IP and (2) IPv6 multicast implementation in the kernel in Sun Solaris 10, and OpenSolaris snv_67 through snv_93, allow local users to cause a denial of service (memory consumption) via vectors related to the association of (a) DL_ENABMULTI_REQ and (b) DL_DISABMULTI_REQ messages with ARP messages.

4.9
2009-06-27 CVE-2009-2241 Aaronoutpost Cross-Site Scripting vulnerability in Aaronoutpost ASP Inline Corporate Calendar

Cross-site scripting (XSS) vulnerability in search.asp in ASP Inline Corporate Calendar allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.

4.3
2009-06-27 CVE-2009-2240 Ad2000 Cross-Site Scripting vulnerability in Ad2000 Free-Sw Leger

Cross-site scripting (XSS) vulnerability in AD2000 free-sw leger (aka Web Conference Room Free) 1.6.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-06-27 CVE-2008-6839 TGS CMS Cross-Site Scripting vulnerability in Tgs-Cms TGS Content Management 0.3.2

Multiple cross-site scripting (XSS) vulnerabilities in TGS Content Management 0.3.2r2 allow remote attackers to inject arbitrary web script or HTML via the (1) msg and (2) goodmsg parameters to (a) login.php and (b) index.php, and the (3) dir and (4) id parameters to index.php.

4.3
2009-06-27 CVE-2008-6838 Zoph Cross-Site Scripting vulnerability in Zoph 0.7.2.1

Cross-site scripting (XSS) vulnerability in search.php in Zoph 0.7.2.1 allows remote attackers to inject arbitrary web script or HTML via the _off parameter.

4.3
2009-06-27 CVE-2008-6835 Drupal, Peter Wolanin Cross-Site Scripting vulnerability in Peter Wolanin Openid 5.X1.0/5.X1.1/5.X1.X

Cross-site scripting (XSS) vulnerability in OpenID 5.x before 5.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-06-26 CVE-2009-2228 Kasseler CMS Cross-Site Scripting vulnerability in Kasseler-Cms Kasseler CMS

Cross-site scripting (XSS) vulnerability in engine.php in Kasseler CMS allows remote attackers to inject arbitrary web script or HTML via the url parameter in a redirect action.

4.3
2009-06-26 CVE-2009-2226 PHP S3 Cross-Site Scripting vulnerability in PHP.S3 Tree BBS

Cross-site scripting (XSS) vulnerability in Let's PHP! Tree BBS 2004/11/23 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-06-26 CVE-2009-2224 AN Guestbook Path Traversal vulnerability in AN Guestbook AN Guestbook 0.7.8

Directory traversal vulnerability in ang/shared/flags.php in AN Guestbook 0.7.8, when register_globals is enabled, allows remote attackers to read arbitrary files via a ..

4.3
2009-06-26 CVE-2009-2221 PHP S3 Cross-Site Scripting vulnerability in PHP.S3 PHP-I-Board 1.0/1.1

Cross-site scripting (XSS) vulnerability in PHP-I-BOARD 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-06-25 CVE-2009-2219 David Degner Cross-Site Scripting vulnerability in David Degner PHPcollegeexchange 0.1.5C

Multiple cross-site scripting (XSS) vulnerabilities in phpCollegeExchange 0.1.5c allow remote attackers to inject arbitrary web script or HTML via the (1) _SESSION[handle] parameter to (a) home.php, (b) books/allbooks.php, or (c) books/home.php; or the (2) home parameter to (d) i_head.php or (e) i_nav.php, or (f) allbooks.php, (g) home.php, or (h) i_nav.php in books/.

4.3
2009-06-25 CVE-2009-2217 Phantom Inker Cross-Site Scripting vulnerability in Phantom-Inker Nbbc

Cross-site scripting (XSS) vulnerability in NBBC before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via an invalid URL in a BBCode img tag.

4.3
2009-06-25 CVE-2009-2216 Jbmc Software Cross-Site Scripting vulnerability in Jbmc-Software Directadmin

Cross-site scripting (XSS) vulnerability in CMD_REDIRECT in DirectAdmin 1.33.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the URI in a view=advanced request.

4.3
2009-06-25 CVE-2009-2215 Urdland Cross-Site Scripting vulnerability in Urdland URD 0.5.4/0.5.5/0.6.0

Multiple cross-site scripting (XSS) vulnerabilities in URD before 0.6.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to the fatal_error page and unspecified other components.

4.3
2009-06-25 CVE-2009-2211 IBM Cross-Site Scripting vulnerability in IBM Rational Clearquest

Cross-site scripting (XSS) vulnerability in the CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-06-25 CVE-2009-1202 Cisco Cross-Site Scripting vulnerability in Cisco Adaptive Security Appliance 8.0(4)/8.1.2/8.2.1

WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass certain protection mechanisms involving URL rewriting and HTML rewriting, and conduct cross-site scripting (XSS) attacks, by modifying the first hex-encoded character in a /+CSCO+ URI, aka Bug ID CSCsy80705.

4.3
2009-06-25 CVE-2009-1201 Cisco Cross-Site Scripting vulnerability in Cisco Adaptive Security Appliance 8.0(4)/8.1.2/8.2.1

Eval injection vulnerability in the csco_wrap_js function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct cross-site scripting (XSS) attacks by setting CSCO_WebVPN['process'] to the name of a crafted function, aka Bug ID CSCsy80694.

4.3
2009-06-23 CVE-2009-2181 Campware ORG Cross-Site Scripting vulnerability in Campware.Org Campsite 3.3.0

Cross-site scripting (XSS) vulnerability in admin-files/templates/list_dir.php in Campsite 3.3.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the listbasedir parameter.

4.3
2009-06-23 CVE-2009-2178 W2B Cross-Site Scripting vulnerability in W2B PHPdatingclub 3.7

Cross-site scripting (XSS) vulnerability in website.php in phpDatingClub 3.7 allows remote attackers to inject arbitrary web script or HTML via the page parameter.

4.3
2009-06-23 CVE-2009-2175 Henning Makholm Buffer Errors vulnerability in Henning Makholm Xcftools 1.0.4

Stack-based buffer overflow in the flattenIncrementally function in flatten.c in xcftools 1.0.4, as reachable from the (1) xcf2pnm and (2) xcf2png utilities, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted image that causes a conversion to a location "above or to the left of the canvas." NOTE: some of these details are obtained from third party information.

4.3
2009-06-23 CVE-2009-2172 Dream, Jelsoft Cross-Site Scripting vulnerability in Dream Radio and TV Player Addon FOR Vbulletin

Cross-site scripting (XSS) vulnerability in forum/radioandtv.php in the Radio and TV Player addon for vBulletin allows remote registered users to inject arbitrary web script or HTML via the station parameter.

4.3
2009-06-23 CVE-2009-2170 Mahara Cross-Site Scripting vulnerability in Mahara

Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.12 and 1.1 before 1.1.5 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2009-06-22 CVE-2009-2163 Sitecore Cross-Site Scripting vulnerability in Sitecore CMS 5.3.0/5.3.1/6.0.1

Cross-site scripting (XSS) vulnerability in login/default.aspx in Sitecore CMS before 6.0.2 Update-1 090507 allows remote attackers to inject arbitrary web script or HTML via the sc_error parameter.

4.3
2009-06-22 CVE-2009-2162 Ishii, Xoops Cross-Site Scripting vulnerability in Ishii Pukiwikimod

Cross-site scripting (XSS) vulnerability in the XOOPS MANIAC PukiWikiMod module 1.6.6.2 and earlier for XOOPS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-06-22 CVE-2009-2155 Zohocorp Cross-Site Scripting vulnerability in Zohocorp Webnms 5

Cross-site scripting (XSS) vulnerability in report/ReportViewAction.do in WebNMS Free Edition 5 allows remote attackers to inject arbitrary web script or HTML via the type parameter.

4.3
2009-06-22 CVE-2009-2153 Sappy DK Cross-Site Scripting vulnerability in Sappy.Dk Impleo Music Collection 2.0

Cross-site scripting (XSS) vulnerability in index.php in Impleo Music Collection 2.0 allows remote attackers to inject arbitrary web script or HTML via the sort parameter.

4.3
2009-06-22 CVE-2009-2149 Campusvirtualcomputrade Cross-Site Scripting vulnerability in Campusvirtualcomputrade Campus Virtual-Lms

Multiple cross-site scripting (XSS) vulnerabilities in Campus Virtual-LMS allow remote attackers to inject arbitrary web script or HTML via the (1) courseid parameter to enrolments/step1.php, or the (2) search or (3) siteid parameter to files/shared_list.php.

4.3
2009-06-22 CVE-2009-2145 Pantha Cross-Site Scripting vulnerability in Pantha Translucid 1.75

Multiple cross-site scripting (XSS) vulnerabilities in transLucid 1.75 allow remote attackers to inject arbitrary web script or HTML via the (a) NodeID and (b) action parameters to the default URI, and the (c) NodeID parameter to the default URI for the admin section; and allow remote authenticated users to inject arbitrary web script or HTML via the (d) Title (aka page name) and (e) Url fields in a (1) new or (2) modified page.

4.3
2009-06-22 CVE-2009-2141 Tbdev Cross-Site Scripting vulnerability in Tbdev Tbdev.Net

Multiple cross-site scripting (XSS) vulnerabilities in TBDev.NET 01-01-08 allow remote attackers to inject arbitrary web script or HTML via (1) the returnto parameter to makepoll.php, (2) the returnto parameter in a delete action to polls.php, or the (3) Info or (4) Avatar field to my.php.

4.3
2009-06-23 CVE-2009-2171 Mahara Permissions, Privileges, and Access Controls vulnerability in Mahara

Mahara 1.1 before 1.1.5 does not apply permission checks when saving a view that contains artefacts, which allows remote authenticated users to read another user's artefact.

4.0

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-06-25 CVE-2009-2208 Freebsd Permissions, Privileges, and Access Controls vulnerability in Freebsd

FreeBSD 6.3, 6.4, 7.1, and 7.2 do not enforce permissions on the SIOCSIFINFO_IN6 IOCTL, which allows local users to modify or disable IPv6 network interfaces, as demonstrated by modifying the MTU.

3.6
2009-06-23 CVE-2009-2173 Gameis Resource Management Errors vulnerability in Gameis Carom3D 5.06

The LAN game feature in Carom3D 5.06 allows remote authenticated users to cause a denial of service (application hang) via a crafted HTTP request to TCP port 28012.

3.5
2009-06-22 CVE-2009-2156 Torrenttrader Cross-Site Scripting vulnerability in Torrenttrader Classic 1.09

Multiple cross-site scripting (XSS) vulnerabilities in TorrentTrader Classic 1.09 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Title field to requests.php, related to viewrequests.php; and (2) the Torrent Name field to torrents-upload.php, related to the logging of torrent uploads; and allow remote attackers to inject arbitrary web script or HTML via (3) the ttversion parameter to themes/default/footer.php, the (4) SITENAME and (5) CURUSER[username] parameters to themes/default/header.php, (6) the todayactive parameter to visitorstoday.php, (7) the activepeople parameter to visitorsnow.php, (8) the faq_categ[999][title] parameter to faq.php, and (9) the keepget parameter to torrents-details.php.

3.5