Weekly Vulnerabilities Reports > June 22 to 28, 2009
Overview
105 new vulnerabilities reported during this period, including 16 critical vulnerabilities and 26 high severity vulnerabilities. This weekly summary report vulnerabilities in 93 products from 79 vendors including Cisco, Torrenttrader, Fuzzylime, IBM, and Drupal. Vulnerabilities are notably categorized as "Cross-site Scripting", "SQL Injection", "Path Traversal", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Resource Management Errors".
- 103 reported vulnerabilities are remotely exploitables.
- 55 reported vulnerabilities have public exploit available.
- 66 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 97 reported vulnerabilities are exploitable by an anonymous user.
- Cisco has the most reported vulnerabilities, with 6 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
16 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-06-26 | CVE-2009-2227 | Blabsoft | Buffer Errors vulnerability in Blabsoft Bopup Communication Server 3.2.26.5460 Stack-based buffer overflow in B Labs Bopup Communication Server 3.2.26.5460 allows remote attackers to execute arbitrary code via a crafted request to TCP port 19810. | 10.0 |
2009-06-26 | CVE-2009-1628 | Unisys Microsoft | Buffer Errors vulnerability in Unisys Business Information Server 10/10.1 Stack-based buffer overflow in mnet.exe in Unisys Business Information Server (BIS) 10 and 10.1 on Windows allows remote attackers to execute arbitrary code via a crafted TCP packet. | 10.0 |
2009-06-22 | CVE-2008-6834 | Fuzzylime | Path Traversal vulnerability in Fuzzylime (Cms) 3.0.1/3.0.1A Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.01 and 3.01a allow remote attackers to include and execute arbitrary local files via a .. | 10.0 |
2009-06-22 | CVE-2008-6833 | Fuzzylime | Path Traversal vulnerability in Fuzzylime (Cms) 3.0/3.0.1/3.0.1A Directory traversal vulnerability in commsrss.php in fuzzylime (cms) before 3.01b allows remote attackers to include and execute arbitrary local files via a .. | 10.0 |
2009-06-22 | CVE-2009-2168 | Egyplus | Improper Authentication vulnerability in Egyplus 7Ammel 1.0.1 cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier sends a redirect to the web browser but does not exit when the supplied credentials are incorrect, which allows remote attackers to bypass authentication by providing arbitrary username and password parameters. | 9.8 |
2009-06-26 | CVE-2009-1394 | Microsoft Motorola | Buffer Errors vulnerability in Motorola Timbuktu PRO 8.6.5 Stack-based buffer overflow in Motorola Timbuktu Pro 8.6.5 on Windows allows remote attackers to execute arbitrary code by sending a long malformed string over the PlughNTCommand named pipe. | 9.3 |
2009-06-26 | CVE-2009-2225 | Surething | Buffer Errors vulnerability in Surething Cd/Dvd Labeler 5.1.616 Stack-based buffer overflow in SureThing CD/DVD Labeler 5.1.616 trial version allows user-assisted remote attackers to execute arbitrary code via a crafted (1) m3u or (2) pls playlist file. | 9.3 |
2009-06-26 | CVE-2009-2223 | Teozkr | Path Traversal vulnerability in Teozkr Lightopencms 0.1 Directory traversal vulnerability in locms/smarty.php in LightOpenCMS 0.1 allows remote attackers to include and execute arbitrary local files via a .. | 9.3 |
2009-06-25 | CVE-2009-2210 | Mozilla | Unspecified vulnerability in Mozilla Seamonkey and Thunderbird Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a multipart/alternative e-mail message containing a text/enhanced part that triggers access to an incorrect object type. | 9.3 |
2009-06-25 | CVE-2009-2186 | Adobe | Unspecified vulnerability in Adobe Shockwave Player Unspecified vulnerability in Adobe Shockwave Player before 11.0.0.465 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2009-1860, related to an older issue that "was previously resolved in Shockwave Player 11.0.0.465." | 9.3 |
2009-06-25 | CVE-2009-1886 | Samba | USE of Externally-Controlled Format String vulnerability in Samba Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename. | 9.3 |
2009-06-25 | CVE-2009-1860 | Adobe | Remote Code Execution vulnerability in Adobe Shockwave Player Director File Parsing Unspecified vulnerability in Adobe Shockwave Player before 11.5.0.600 allows remote attackers to execute arbitrary code via crafted Shockwave Player 10 content. | 9.3 |
2009-06-23 | CVE-2009-2121 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome Buffer overflow in the browser kernel in Google Chrome before 2.0.172.33 allows remote HTTP servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted response. | 9.3 | |
2009-06-23 | CVE-2009-0691 | Foxitsoftware | Resource Management Errors vulnerability in Foxitsoftware Foxit Reader and Jpeg2000 Jbig2 Decoder Add-On The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit Reader 3.0 before Build 1817 does not properly handle a fatal error during decoding of a JPEG2000 (aka JPX) header, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted PDF file that triggers an invalid memory access. | 9.3 |
2009-06-23 | CVE-2009-0690 | Foxitsoftware | Numeric Errors vulnerability in Foxitsoftware Foxit Reader and Jpeg2000/Jbig2 Decoder Add-On The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit Reader 3.0 before Build 1817 does not properly handle a negative value for the stream offset in a JPEG2000 (aka JPX) stream, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted PDF file that triggers an out-of-bounds read. | 9.3 |
2009-06-22 | CVE-2009-2169 | Edraw | Code Injection vulnerability in Edraw PDF Viewer Component Insecure method vulnerability in the PDFVIEWER.PDFViewerCtrl.1 ActiveX control (pdfviewer.ocx) in Edraw PDF Viewer Component before 3.2.0.126 allows remote attackers to create and overwrite arbitrary files via a URL argument to the FtpConnect argument and a target filename argument to the FtpDownloadFile method. | 9.3 |
26 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-06-25 | CVE-2009-2045 | Cisco | Unspecified vulnerability in Cisco Video Surveillance Stream Manager 5.0/5.1 The Cisco Video Surveillance Stream Manager firmware before 5.3, as used on Cisco Video Surveillance Services Platforms and Video Surveillance Integrated Services Platforms, allows remote attackers to cause a denial of service (reboot) via a malformed payload in a UDP packet to port 37000, related to the xvcrman process, aka Bug ID CSCsj47924. | 7.8 |
2009-06-25 | CVE-2009-1163 | Cisco | Resource Management Errors vulnerability in Cisco Physical Access Gateway Memory leak on the Cisco Physical Access Gateway with software before 1.1 allows remote attackers to cause a denial of service (memory consumption) via unspecified TCP packets. | 7.8 |
2009-06-27 | CVE-2009-2243 | Aaronoutpost | SQL Injection vulnerability in Aaronoutpost ASP Inline Corporate Calendar SQL injection vulnerability in active_appointments.asp in ASP Inline Corporate Calendar allows remote attackers to execute arbitrary SQL commands via the sortby parameter. | 7.5 |
2009-06-27 | CVE-2009-2239 | Joomla | SQL Injection vulnerability in Joomla products SQL injection vulnerability in the (1) casinobase (com_casinobase), (2) casino_blackjack (com_casino_blackjack), and (3) casino_videopoker (com_casino_videopoker) components 0.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. | 7.5 |
2009-06-27 | CVE-2009-2237 | Drupal Karim Ratib | Unspecified vulnerability in Karim Ratib Views Bulk Operations Unspecified vulnerability in Views Bulk Operations 5.x-1.x before 5.x-1.4 and 6.x-1.x before 6.x-1.7, a module for Drupal, allows remote attackers to bypass intended access restrictions and modify "nodes or classes of nodes" via unknown vectors, probably related to registered procedures (aka actions). | 7.5 |
2009-06-27 | CVE-2009-2236 | Yourarticlesdirectory | SQL Injection vulnerability in Yourarticlesdirectory Your Articles Directory SQL injection vulnerability in yad-admin/login.php in Your Article Directory allows remote attackers to execute arbitrary SQL commands via the txtAdminEmail parameter. | 7.5 |
2009-06-27 | CVE-2009-2235 | Yourarticlesdirectory | SQL Injection vulnerability in Yourarticlesdirectory Your Articles Directory SQL injection vulnerability in page.php in Your Articles Directory allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2009-06-27 | CVE-2009-2234 | Vicidial | SQL Injection vulnerability in Vicidial Call Center Suite 2.0.5173 Multiple SQL injection vulnerabilities in admin.php in VICIDIAL Call Center Suite 2.0.5-173 allow remote attackers to execute arbitrary SQL commands via the (1) Username parameter ($PHP_AUTH_USER) and (2) Password parameter ($PHP_AUTH_PW). | 7.5 |
2009-06-27 | CVE-2008-6837 | Zoph | SQL Injection vulnerability in Zoph 0.7.2.1 SQL injection vulnerability in Zoph 0.7.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different issue than CVE-2008-3258. | 7.5 |
2009-06-26 | CVE-2009-2233 | Awscripts | Improper Authentication vulnerability in Awscripts Gallery Search Engine 1.5 The admin interface in AWScripts.com Gallery Search Engine 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the awse_logged cookie to 1. | 7.5 |
2009-06-26 | CVE-2009-2232 | Softbizscripts | SQL Injection vulnerability in Softbizscripts Banner AD Management Script SQL injection vulnerability in image.php in Softbiz Banner Ad Management Script allows remote attackers to execute arbitrary SQL commands via the size_id parameter. | 7.5 |
2009-06-26 | CVE-2009-2231 | MID AS | Improper Authentication vulnerability in Mid.As Midas 1.43 MIDAS 1.43 allows remote attackers to bypass authentication and obtain administrative access via an admin account record in a MIDAS cookie. | 7.5 |
2009-06-26 | CVE-2009-2230 | Mybulletinboard | SQL Injection vulnerability in Mybulletinboard SQL injection vulnerability in inc/datahandlers/user.php in MyBB (aka MyBulletinBoard) before 1.4.7 allows remote authenticated users to execute arbitrary SQL commands via the birthdayprivacy parameter. | 7.5 |
2009-06-25 | CVE-2009-2209 | RS CMS | SQL Injection vulnerability in Rs-Cms 2.1 SQL injection vulnerability in rscms_mod_newsview.php in RS-CMS 2.1 allows remote attackers to execute arbitrary SQL commands via the key parameter. | 7.5 |
2009-06-25 | CVE-2009-0903 | IBM | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3, and the Feature Pack for Web Services for WAS 6.1 before 6.1.0.25, when a WS-Security policy is established at the operation level, does not properly handle inbound requests that lack a SOAPAction or WS-Addressing Action, which allows remote attackers to bypass intended access restrictions via a crafted request to a JAX-WS application. | 7.5 |
2009-06-23 | CVE-2009-2183 | Campware ORG | Path Traversal vulnerability in Campware.Org Campsite 3.3.0 Directory traversal vulnerability in admin-files/ad.php in Campsite 3.3.0 RC1 allows remote attackers to read and possibly execute arbitrary local files via a .. | 7.5 |
2009-06-23 | CVE-2009-2179 | W2B | SQL Injection vulnerability in W2B PHPdatingclub 3.7 SQL injection vulnerability in search.php in phpDatingClub 3.7 allows remote attackers to execute arbitrary SQL commands via the sform[day] parameter. | 7.5 |
2009-06-23 | CVE-2009-2176 | Fuzzylime | Path Traversal vulnerability in Fuzzylime CMS 3.03A Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.03a and earlier, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) list parameter to code/confirm.php and the (2) template parameter to code/display.php. | 7.5 |
2009-06-22 | CVE-2009-2165 | Serendipitynz | Unspecified vulnerability in Serendipitynz Serene Bach SerendipityNZ (aka SimpleBoxes) Serene Bach 2.20R and earlier, and 3.00 beta023 and earlier 3.x versions, uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id. | 7.5 |
2009-06-22 | CVE-2009-2158 | Torrenttrader Project | Use of Insufficiently Random Values vulnerability in Torrenttrader Project Torrenttrader 1.09 account-recover.php in TorrentTrader Classic 1.09 chooses random passwords from an insufficiently large set, which makes it easier for remote attackers to obtain a password via a brute-force attack. | 7.5 |
2009-06-22 | CVE-2009-2152 | Isabela Gasparini | SQL Injection vulnerability in Isabela Gasparini Adaptweb 0.9.2 SQL injection vulnerability in a_index.php in AdaptWeb 0.9.2 allows remote attackers to execute arbitrary SQL commands via the CodigoDisciplina parameter in a TopicosCadastro1 action. | 7.5 |
2009-06-22 | CVE-2009-2148 | Campusvirtualcomputrade | SQL Injection vulnerability in Campusvirtualcomputrade Campus Virtual-Lms SQL injection vulnerability in news/index.php in Campus Virtual-LMS allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2009-06-22 | CVE-2009-2147 | Phpwebthings | SQL Injection vulnerability in PHPwebthings SQL injection vulnerability in fdown.php in phpWebThings 1.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2009-06-22 | CVE-2009-2144 | Edgewall Firestats Wordpress | SQL Injection vulnerability in multiple products SQL injection vulnerability in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2009-06-22 | CVE-2009-2143 | Wordpress Firestats | Code Injection vulnerability in Firestats PHP remote file inclusion vulnerability in firestats-wordpress.php in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the fs_javascript parameter. | 7.5 |
2009-06-22 | CVE-2009-2142 | Zipstore | SQL Injection vulnerability in Zipstore ZIP Store Chat 4.0/5.0 Multiple SQL injection vulnerabilities in admin/index.asp in Zip Store Chat 4.0 and 5.0 allow remote attackers to execute arbitrary SQL commands via the (1) login and (2) senha parameters. | 7.5 |
60 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-06-27 | CVE-2009-2242 | Aaronoutpost | SQL Injection vulnerability in Aaronoutpost ASP Inline Corporate Calendar SQL injection vulnerability in active_appointments.asp in ASP Inline Corporate Calendar allows remote attackers to execute arbitrary SQL commands via the order parameter. | 6.8 |
2009-06-27 | CVE-2009-2238 | Dmxready | Unspecified vulnerability in Dmxready Registration Manager 1.1 Unrestricted file upload vulnerability in includes/shared_scripts/wysiwyg_editor/assetmanager/assetmanager.asp in DMXReady Registration Manager 1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in assets/webblogmanager. | 6.8 |
2009-06-27 | CVE-2008-6836 | Drupal Peter Wolanin | Cross-Site Request Forgery (CSRF) vulnerability in Peter Wolanin Openid 5.X1.0/5.X1.1/5.X1.X Cross-site request forgery (CSRF) vulnerability in OpenID 5.x before 5x.-1.2, a module for Drupal, allows remote attackers to hijack the authentication of unspecified victims to delete OpenID identities via unknown vectors. | 6.8 |
2009-06-25 | CVE-2009-2218 | David Degner | Code Injection vulnerability in David Degner PHPcollegeexchange 0.1.5C Multiple PHP remote file inclusion vulnerabilities in phpCollegeExchange 0.1.5c, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the home parameter to (1) i_head.php, (2) i_nav.php, (3) user_new_2.php, or (4) house/myrents.php; or (5) allbooks.php, (6) home.php, or (7) mybooks.php in books/. | 6.8 |
2009-06-25 | CVE-2009-2046 | Cisco | Information Exposure vulnerability in Cisco Video Surveillance 2500 Series IP Camera The embedded web server on the Cisco Video Surveillance 2500 Series IP Camera with firmware before 2.1 allows remote attackers to read arbitrary files via a (1) http or (2) https request, related to the (a) SD Camera Web Server and the (b) Wireless Camera HTTP Server, aka Bug IDs CSCsu05515 and CSCsr96497. | 6.8 |
2009-06-23 | CVE-2009-2182 | Campware ORG | Code Injection vulnerability in Campware.Org Campsite 3.3.0 Multiple PHP remote file inclusion vulnerabilities in Campsite 3.3.0 RC1 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[g_campsiteDir] parameter to (1) ad_popup.php, (2) camp_html.php, (3) init_content.php, (4) logout.php, (5) menu.php, and (6) set-author.php in admin-files/; (7) conf/liveuser_configuration.php; (8) include/phorum_load.php; (9) CommandProcessor.php and (10) index.php in admin-files/article_import; and (11) add.php, (12) add_move.php, (13) autopublish.php, and (14) autopublish_del.php in admin-files/articles/. | 6.8 |
2009-06-23 | CVE-2009-2177 | Fuzzylime | Path Traversal vulnerability in Fuzzylime CMS 3.03A code/display.php in fuzzylime (cms) 3.03a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to conduct directory traversal attacks and overwrite arbitrary files via a "....//" (dot dot) in the s parameter, which is collapsed into a "../" value. | 6.8 |
2009-06-22 | CVE-2009-2167 | Egyplus | SQL Injection vulnerability in Egyplus 7Ammel Multiple SQL injection vulnerabilities in cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter. | 6.8 |
2009-06-22 | CVE-2009-2164 | Kjtechforce | SQL Injection vulnerability in Kjtechforce Mailman Beta1 Multiple SQL injection vulnerabilities in Kjtechforce mailman beta1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the code parameter to activate.php or (2) the dest parameter to index.php. | 6.8 |
2009-06-22 | CVE-2009-2154 | Sappy DK | SQL Injection vulnerability in Sappy.Dk Impleo Music Collection 2.0 SQL injection vulnerability in admin/login.php in Impleo Music Collection 2.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. | 6.8 |
2009-06-22 | CVE-2009-2150 | Campusvirtualcomputrade | Cross-Site Request Forgery (CSRF) vulnerability in Campusvirtualcomputrade Campus Virtual-Lms Multiple cross-site request forgery (CSRF) vulnerabilities in Campus Virtual-LMS allow (1) remote attackers to hijack the authentication of arbitrary users for requests that terminate a session via login/logout.php, and might allow remote attackers to hijack the authentication of certain users via a (2) ADD or (3) DELETE action to enrolments/step2.php. | 6.8 |
2009-06-25 | CVE-2009-2213 | Citrix | Incorrect Authorization vulnerability in Citrix products The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access restrictions. | 6.5 |
2009-06-22 | CVE-2009-2157 | Torrenttrader | SQL Injection vulnerability in Torrenttrader Classic 1.09 Multiple SQL injection vulnerabilities in TorrentTrader Classic 1.09 allow remote authenticated users to execute arbitrary SQL commands via (1) the origmsg parameter to account-inbox.php; the categ parameter to (2) delreq.php and (3) admin-delreq.php; (4) the choice parameter to index.php; (5) the id parameter to modrules.php in an edited (aka edit) action; the (6) user, (7) torrent, (8) forumid, and (9) forumpost parameters to report.php; (10) the delmp parameter to take-deletepm.php; (11) the delreport parameter to takedelreport.php; (12) the delreq parameter to takedelreq.php; (13) the clases parameter to takestaffmess.php; and (14) the warndisable parameter to takewarndisable.php; and allow remote attackers to execute arbitrary SQL commands via (15) the wherecatin parameter to browse.php, (16) the limit parameter to today.php, and (17) the where parameter to torrents-details.php. | 6.5 |
2009-06-22 | CVE-2009-2159 | Torrenttrader | Improper Authentication vulnerability in Torrenttrader Classic 1.09 backup-database.php in TorrentTrader Classic 1.09 does not require administrative authentication, which allows remote attackers to create and download a backup database by making a direct request and then retrieving a .gz file from backups/. | 6.4 |
2009-06-25 | CVE-2009-1203 | Cisco | Authentication Form Phishing vulnerability in Cisco Adaptive Security Appliance 8.0(4)/8.1.2/8.2.1 WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 does not properly distinguish its own login screen from the login screens it produces for third-party (1) FTP and (2) CIFS servers, which makes it easier for remote attackers to trick a user into sending WebVPN credentials to an arbitrary server via a URL associated with that server, aka Bug ID CSCsy80709. | 6.0 |
2009-06-22 | CVE-2009-2146 | Sugarcrm | Unspecified vulnerability in Sugarcrm Unrestricted file upload vulnerability in the Compose Email feature in the Emails module in Sugar Community Edition (aka SugarCRM) before 5.2f allows remote authenticated users to execute arbitrary code by uploading a file with only an extension in its name, then accessing the file via a direct request to a modified filename under cache/modules/Emails/, as demonstrated using .php as the entire original name. | 6.0 |
2009-06-25 | CVE-2009-1888 | Samba Debian Canonical | Permissions, Privileges, and Access Controls vulnerability in multiple products The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory. | 5.8 |
2009-06-26 | CVE-2009-2220 | Tribiq | Path Traversal vulnerability in Tribiq CMS 5.0.12C Multiple directory traversal vulnerabilities in Tribiq CMS 5.0.12c, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and possibly execute arbitrary files via directory traversal sequences in the template_path parameter to (1) masthead.inc.php, (2) toppanel.inc.php, and (3) contact.inc.php in templates/mytribiqsite/tribiq-CL-9000/includes; and the use_template_family parameter to (4) templates/mytribiqsite/tribiq-CL-9000/includes/nlarlist_content.inc.php. | 5.1 |
2009-06-22 | CVE-2009-2161 | Torrenttrader | Path Traversal vulnerability in Torrenttrader Classic 1.09 Directory traversal vulnerability in backend/admin-functions.php in TorrentTrader Classic 1.09, when used on a case-insensitive web site, allows remote attackers to include and execute arbitrary local files via a .. | 5.1 |
2009-06-26 | CVE-2009-2229 | Kasseler CMS | Path Traversal vulnerability in Kasseler-Cms Kasseler CMS 1.3.5 Directory traversal vulnerability in engine.php in Kasseler CMS 1.3.5 lite allows remote attackers to read arbitrary files via a .. | 5.0 |
2009-06-26 | CVE-2009-2222 | PHP S3 | Path Traversal vulnerability in PHP.S3 PHP-I-Board 1.0/1.1 Directory traversal vulnerability in PHP-I-BOARD 1.2 and earlier allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors, probably related to mail. | 5.0 |
2009-06-25 | CVE-2009-2214 | Citrix | Resource Management Errors vulnerability in Citrix Secure Gateway 3.0 The Secure Gateway service in Citrix Secure Gateway 3.1 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an unspecified request. | 5.0 |
2009-06-25 | CVE-2009-2212 | IBM | Unspecified vulnerability in IBM Rational Clearquest The CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5 allows attackers to discover a (1) username or (2) password via unspecified vectors. | 5.0 |
2009-06-25 | CVE-2009-2185 | Strongswan Xelerance | Improper Input Validation vulnerability in multiple products The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and (b) openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial of service (pluto IKE daemon crash) via an X.509 certificate with (1) crafted Relative Distinguished Names (RDNs), (2) a crafted UTCTIME string, or (3) a crafted GENERALIZEDTIME string. | 5.0 |
2009-06-23 | CVE-2009-2184 | Gravy Media | Path Traversal vulnerability in Gravy-Media Media Photo Host 1.0.8 Absolute path traversal vulnerability in forcedownload.php in Gravy Media Photo Host 1.0.8 allows remote attackers to read arbitrary files via an encoded "/" (slash) in the file parameter. | 5.0 |
2009-06-23 | CVE-2009-2180 | Pc4Arb | Path Traversal vulnerability in Pc4Arb PC4 Uploader 10.0 Multiple directory traversal vulnerabilities in upfiles/index.php in Pc4 Uploader 10.0 and earlier allow remote attackers to read arbitrary files via (1) a .. | 5.0 |
2009-06-23 | CVE-2009-2174 | Gupnp | Denial Of Service vulnerability in Gupnp 0.12.7 GUPnP 0.12.7 allows remote attackers to cause a denial of service (crash) via an empty (1) subscription or (2) control message. | 5.0 |
2009-06-22 | CVE-2009-2166 | Ocsinventory NG Unix | Path Traversal vulnerability in Ocsinventory-Ng OCS Inventory NG 1.0/1.01/1.02 Absolute path traversal vulnerability in cvs.php in OCS Inventory NG before 1.02.1 on Unix allows remote attackers to read arbitrary files via a full pathname in the log parameter. | 5.0 |
2009-06-22 | CVE-2009-2160 | Torrenttrader | Permissions, Privileges, and Access Controls vulnerability in Torrenttrader Classic 1.09 TorrentTrader Classic 1.09 allows remote attackers to (1) obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function; and allows remote attackers to (2) obtain other potentially sensitive information via a direct request to check.php. | 5.0 |
2009-06-22 | CVE-2009-2151 | Adaptweb | Path Traversal vulnerability in Adaptweb 0.9.2 Directory traversal vulnerability in index.php in AdaptWeb 0.9.2 allows remote attackers to read arbitrary files via a .. | 5.0 |
2009-06-25 | CVE-2009-2187 | SUN | Resource Management Errors vulnerability in SUN Opensolaris and Solaris Multiple memory leaks in the (1) IP and (2) IPv6 multicast implementation in the kernel in Sun Solaris 10, and OpenSolaris snv_67 through snv_93, allow local users to cause a denial of service (memory consumption) via vectors related to the association of (a) DL_ENABMULTI_REQ and (b) DL_DISABMULTI_REQ messages with ARP messages. | 4.9 |
2009-06-27 | CVE-2009-2241 | Aaronoutpost | Cross-Site Scripting vulnerability in Aaronoutpost ASP Inline Corporate Calendar Cross-site scripting (XSS) vulnerability in search.asp in ASP Inline Corporate Calendar allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. | 4.3 |
2009-06-27 | CVE-2009-2240 | Ad2000 | Cross-Site Scripting vulnerability in Ad2000 Free-Sw Leger Cross-site scripting (XSS) vulnerability in AD2000 free-sw leger (aka Web Conference Room Free) 1.6.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-06-27 | CVE-2008-6839 | TGS CMS | Cross-Site Scripting vulnerability in Tgs-Cms TGS Content Management 0.3.2 Multiple cross-site scripting (XSS) vulnerabilities in TGS Content Management 0.3.2r2 allow remote attackers to inject arbitrary web script or HTML via the (1) msg and (2) goodmsg parameters to (a) login.php and (b) index.php, and the (3) dir and (4) id parameters to index.php. | 4.3 |
2009-06-27 | CVE-2008-6838 | Zoph | Cross-Site Scripting vulnerability in Zoph 0.7.2.1 Cross-site scripting (XSS) vulnerability in search.php in Zoph 0.7.2.1 allows remote attackers to inject arbitrary web script or HTML via the _off parameter. | 4.3 |
2009-06-27 | CVE-2008-6835 | Drupal Peter Wolanin | Cross-Site Scripting vulnerability in Peter Wolanin Openid 5.X1.0/5.X1.1/5.X1.X Cross-site scripting (XSS) vulnerability in OpenID 5.x before 5.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-06-26 | CVE-2009-2228 | Kasseler CMS | Cross-Site Scripting vulnerability in Kasseler-Cms Kasseler CMS Cross-site scripting (XSS) vulnerability in engine.php in Kasseler CMS allows remote attackers to inject arbitrary web script or HTML via the url parameter in a redirect action. | 4.3 |
2009-06-26 | CVE-2009-2226 | PHP S3 | Cross-Site Scripting vulnerability in PHP.S3 Tree BBS Cross-site scripting (XSS) vulnerability in Let's PHP! Tree BBS 2004/11/23 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-06-26 | CVE-2009-2224 | AN Guestbook | Path Traversal vulnerability in AN Guestbook AN Guestbook 0.7.8 Directory traversal vulnerability in ang/shared/flags.php in AN Guestbook 0.7.8, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. | 4.3 |
2009-06-26 | CVE-2009-2221 | PHP S3 | Cross-Site Scripting vulnerability in PHP.S3 PHP-I-Board 1.0/1.1 Cross-site scripting (XSS) vulnerability in PHP-I-BOARD 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-06-25 | CVE-2009-2219 | David Degner | Cross-Site Scripting vulnerability in David Degner PHPcollegeexchange 0.1.5C Multiple cross-site scripting (XSS) vulnerabilities in phpCollegeExchange 0.1.5c allow remote attackers to inject arbitrary web script or HTML via the (1) _SESSION[handle] parameter to (a) home.php, (b) books/allbooks.php, or (c) books/home.php; or the (2) home parameter to (d) i_head.php or (e) i_nav.php, or (f) allbooks.php, (g) home.php, or (h) i_nav.php in books/. | 4.3 |
2009-06-25 | CVE-2009-2217 | Phantom Inker | Cross-Site Scripting vulnerability in Phantom-Inker Nbbc Cross-site scripting (XSS) vulnerability in NBBC before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via an invalid URL in a BBCode img tag. | 4.3 |
2009-06-25 | CVE-2009-2216 | Jbmc Software | Cross-Site Scripting vulnerability in Jbmc-Software Directadmin Cross-site scripting (XSS) vulnerability in CMD_REDIRECT in DirectAdmin 1.33.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the URI in a view=advanced request. | 4.3 |
2009-06-25 | CVE-2009-2215 | Urdland | Cross-Site Scripting vulnerability in Urdland URD 0.5.4/0.5.5/0.6.0 Multiple cross-site scripting (XSS) vulnerabilities in URD before 0.6.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to the fatal_error page and unspecified other components. | 4.3 |
2009-06-25 | CVE-2009-2211 | IBM | Cross-Site Scripting vulnerability in IBM Rational Clearquest Cross-site scripting (XSS) vulnerability in the CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-06-25 | CVE-2009-1202 | Cisco | Cross-Site Scripting vulnerability in Cisco Adaptive Security Appliance 8.0(4)/8.1.2/8.2.1 WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass certain protection mechanisms involving URL rewriting and HTML rewriting, and conduct cross-site scripting (XSS) attacks, by modifying the first hex-encoded character in a /+CSCO+ URI, aka Bug ID CSCsy80705. | 4.3 |
2009-06-25 | CVE-2009-1201 | Cisco | Cross-Site Scripting vulnerability in Cisco Adaptive Security Appliance 8.0(4)/8.1.2/8.2.1 Eval injection vulnerability in the csco_wrap_js function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct cross-site scripting (XSS) attacks by setting CSCO_WebVPN['process'] to the name of a crafted function, aka Bug ID CSCsy80694. | 4.3 |
2009-06-23 | CVE-2009-2181 | Campware ORG | Cross-Site Scripting vulnerability in Campware.Org Campsite 3.3.0 Cross-site scripting (XSS) vulnerability in admin-files/templates/list_dir.php in Campsite 3.3.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the listbasedir parameter. | 4.3 |
2009-06-23 | CVE-2009-2178 | W2B | Cross-Site Scripting vulnerability in W2B PHPdatingclub 3.7 Cross-site scripting (XSS) vulnerability in website.php in phpDatingClub 3.7 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | 4.3 |
2009-06-23 | CVE-2009-2175 | Henning Makholm | Buffer Errors vulnerability in Henning Makholm Xcftools 1.0.4 Stack-based buffer overflow in the flattenIncrementally function in flatten.c in xcftools 1.0.4, as reachable from the (1) xcf2pnm and (2) xcf2png utilities, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted image that causes a conversion to a location "above or to the left of the canvas." NOTE: some of these details are obtained from third party information. | 4.3 |
2009-06-23 | CVE-2009-2172 | Dream Jelsoft | Cross-Site Scripting vulnerability in Dream Radio and TV Player Addon FOR Vbulletin Cross-site scripting (XSS) vulnerability in forum/radioandtv.php in the Radio and TV Player addon for vBulletin allows remote registered users to inject arbitrary web script or HTML via the station parameter. | 4.3 |
2009-06-23 | CVE-2009-2170 | Mahara | Cross-Site Scripting vulnerability in Mahara Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.12 and 1.1 before 1.1.5 allow remote attackers to inject arbitrary web script or HTML via unknown vectors. | 4.3 |
2009-06-22 | CVE-2009-2163 | Sitecore | Cross-Site Scripting vulnerability in Sitecore CMS 5.3.0/5.3.1/6.0.1 Cross-site scripting (XSS) vulnerability in login/default.aspx in Sitecore CMS before 6.0.2 Update-1 090507 allows remote attackers to inject arbitrary web script or HTML via the sc_error parameter. | 4.3 |
2009-06-22 | CVE-2009-2162 | Ishii Xoops | Cross-Site Scripting vulnerability in Ishii Pukiwikimod Cross-site scripting (XSS) vulnerability in the XOOPS MANIAC PukiWikiMod module 1.6.6.2 and earlier for XOOPS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-06-22 | CVE-2009-2155 | Zohocorp | Cross-Site Scripting vulnerability in Zohocorp Webnms 5 Cross-site scripting (XSS) vulnerability in report/ReportViewAction.do in WebNMS Free Edition 5 allows remote attackers to inject arbitrary web script or HTML via the type parameter. | 4.3 |
2009-06-22 | CVE-2009-2153 | Sappy DK | Cross-Site Scripting vulnerability in Sappy.Dk Impleo Music Collection 2.0 Cross-site scripting (XSS) vulnerability in index.php in Impleo Music Collection 2.0 allows remote attackers to inject arbitrary web script or HTML via the sort parameter. | 4.3 |
2009-06-22 | CVE-2009-2149 | Campusvirtualcomputrade | Cross-Site Scripting vulnerability in Campusvirtualcomputrade Campus Virtual-Lms Multiple cross-site scripting (XSS) vulnerabilities in Campus Virtual-LMS allow remote attackers to inject arbitrary web script or HTML via the (1) courseid parameter to enrolments/step1.php, or the (2) search or (3) siteid parameter to files/shared_list.php. | 4.3 |
2009-06-22 | CVE-2009-2145 | Pantha | Cross-Site Scripting vulnerability in Pantha Translucid 1.75 Multiple cross-site scripting (XSS) vulnerabilities in transLucid 1.75 allow remote attackers to inject arbitrary web script or HTML via the (a) NodeID and (b) action parameters to the default URI, and the (c) NodeID parameter to the default URI for the admin section; and allow remote authenticated users to inject arbitrary web script or HTML via the (d) Title (aka page name) and (e) Url fields in a (1) new or (2) modified page. | 4.3 |
2009-06-22 | CVE-2009-2141 | Tbdev | Cross-Site Scripting vulnerability in Tbdev Tbdev.Net Multiple cross-site scripting (XSS) vulnerabilities in TBDev.NET 01-01-08 allow remote attackers to inject arbitrary web script or HTML via (1) the returnto parameter to makepoll.php, (2) the returnto parameter in a delete action to polls.php, or the (3) Info or (4) Avatar field to my.php. | 4.3 |
2009-06-23 | CVE-2009-2171 | Mahara | Permissions, Privileges, and Access Controls vulnerability in Mahara Mahara 1.1 before 1.1.5 does not apply permission checks when saving a view that contains artefacts, which allows remote authenticated users to read another user's artefact. | 4.0 |
3 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-06-25 | CVE-2009-2208 | Freebsd | Permissions, Privileges, and Access Controls vulnerability in Freebsd FreeBSD 6.3, 6.4, 7.1, and 7.2 does not enforce permissions on the SIOCSIFINFO_IN6 IOCTL, which allows local users to modify or disable IPv6 network interfaces, as demonstrated by modifying the MTU. | 3.6 |
2009-06-23 | CVE-2009-2173 | Gameis | Resource Management Errors vulnerability in Gameis Carom3D 5.06 The LAN game feature in Carom3D 5.06 allows remote authenticated users to cause a denial of service (application hang) via a crafted HTTP request to TCP port 28012. | 3.5 |
2009-06-22 | CVE-2009-2156 | Torrenttrader | Cross-Site Scripting vulnerability in Torrenttrader Classic 1.09 Multiple cross-site scripting (XSS) vulnerabilities in TorrentTrader Classic 1.09 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Title field to requests.php, related to viewrequests.php; and (2) the Torrent Name field to torrents-upload.php, related to the logging of torrent uploads; and allow remote attackers to inject arbitrary web script or HTML via (3) the ttversion parameter to themes/default/footer.php, the (4) SITENAME and (5) CURUSER[username] parameters to themes/default/header.php, (6) the todayactive parameter to visitorstoday.php, (7) the activepeople parameter to visitorsnow.php, (8) the faq_categ[999][title] parameter to faq.php, and (9) the keepget parameter to torrents-details.php. | 3.5 |