Weekly Vulnerabilities Reports > June 29 to July 5, 2009

Overview

87 new vulnerabilities reported during this period, including 5 critical vulnerabilities and 38 high severity vulnerabilities. This weekly summary report vulnerabilities in 80 products from 67 vendors including Axesstel, SUN, MAX Kervin, CMS TUT SU, and Huawei. Vulnerabilities are notably categorized as "Cross-site Scripting", "SQL Injection", "Path Traversal", "Improper Input Validation", and "Permissions, Privileges, and Access Controls".

  • 81 reported vulnerabilities are remotely exploitables.
  • 30 reported vulnerabilities have public exploit available.
  • 38 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 86 reported vulnerabilities are exploitable by an anonymous user.
  • Axesstel has the most reported vulnerabilities, with 7 reported vulnerabilities.
  • Huawei has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

5 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-07-05 CVE-2009-2317 Axesstel Credentials Management vulnerability in Axesstel MV 410R

The Axesstel MV 410R has a certain default administrator password, and does not force a password change, which makes it easier for remote attackers to obtain access.

10.0
2009-07-02 CVE-2009-2300 Phion Resource Management Errors vulnerability in Phion Airlock web Application Firewall 4.110.41

The management interface in the phion airlock Web Application Firewall (WAF) 4.1-10.41 does not properly handle CGI requests that specify large width and height parameters for an image, which allows remote attackers to execute arbitrary commands or cause a denial of service (resource consumption) via a crafted request.

10.0
2009-07-02 CVE-2009-2296 SUN Unspecified vulnerability in SUN Opensolaris and Solaris

The NFSv4 server kernel module in Sun Solaris 10, and OpenSolaris before snv_119, does not properly implement the nfs_portmon setting, which allows remote attackers to access shares, and read, create, and modify arbitrary files, via unspecified vectors.

10.0
2009-07-01 CVE-2009-2271 Huawei Credentials Management vulnerability in Huawei D100

The Huawei D100 has (1) a certain default administrator password for the web interface, and does not force a password change; and has (2) a default password of admin for the admin account in the telnet interface; which makes it easier for remote attackers to obtain access.

10.0
2009-06-30 CVE-2009-2261 Giorgio Tani Improper Input Validation vulnerability in Giorgio Tani Peazip

PeaZIP 2.6.1, 2.5.1, and earlier on Windows allows user-assisted remote attackers to execute arbitrary commands via a .zip archive with a .txt file whose name contains | (pipe) characters and a command.

9.3

38 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-07-05 CVE-2009-2321 Axesstel Remote Vulnerabilites and Weakness in Axesstel MV 410R

cgi-bin/sysconf.cgi on the Axesstel MV 410R allows remote attackers to cause a denial of service (configuration reset) via a RESTORE=RESTORE query string.

7.8
2009-07-05 CVE-2009-2318 Axesstel Improper Input Validation vulnerability in Axesstel MV 410R

The Axesstel MV 410R allows remote attackers to cause a denial of service via a flood of SYN packets, a related issue to CVE-1999-0116.

7.8
2009-07-02 CVE-2009-2305 Armassa Improper Input Validation vulnerability in Armassa Ard-9808 and Ard-9808 Software

The ARD-9808 DVR card security camera allows remote attackers to cause a denial of service via a long URI composed of //.\ (slash slash dot backslash) sequences.

7.8
2009-07-02 CVE-2009-2301 Radware Improper Input Validation vulnerability in Radware Appwall and Gateway

The radware AppWall Web Application Firewall (WAF) 1.0.2.6, with Gateway 4.6.0.2, allows remote attackers to read source code via a direct request to (1) funcs.inc, (2) defines.inc, or (3) msg.inc in Management/.

7.8
2009-07-01 CVE-2009-2274 Huawei Information Exposure vulnerability in Huawei D100

The Huawei D100 allows remote attackers to obtain sensitive information via a direct request to (1) lan_status_adv.asp, (2) wlan_basic_cfg.asp, or (3) lancfg.asp in en/, related to use of JavaScript to protect against reading file contents.

7.8
2009-06-30 CVE-2009-2258 Netgear Path Traversal vulnerability in Netgear Dg632 and Dg632 Firmware

Directory traversal vulnerability in cgi-bin/webcm in the administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to list arbitrary directories via a ..

7.8
2009-06-30 CVE-2009-2257 Netgear Improper Authentication vulnerability in Netgear Dg632 3.4.0Ap

The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to bypass authentication via a direct request to (1) gateway/commands/saveconfig.html, and (2) stattbl.htm, (3) modemmenu.htm, (4) onload.htm, (5) form.css, (6) utility.js, and possibly (7) indextop.htm in html/.

7.8
2009-06-30 CVE-2009-2256 Netgear Improper Input Validation vulnerability in Netgear Dg632 3.4.0Ap

The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to cause a denial of service (web outage) via an HTTP POST request to cgi-bin/firmwarecfg.

7.8
2009-07-05 CVE-2009-2333 CMS TUT SU Path Traversal vulnerability in Cms.Tut.Su CMS Chainuk

Multiple directory traversal vulnerabilities in CMS Chainuk 1.2 and earlier allow remote attackers to include and execute arbitrary local files via a ..

7.5
2009-07-05 CVE-2009-2331 CMS TUT SU Code Injection vulnerability in Cms.Tut.Su CMS Chainuk

Multiple static code injection vulnerabilities in CMS Chainuk 1.2 and earlier allow remote attackers to inject arbitrary PHP code (1) into settings.php via the menu parameter to admin_settings.php or (2) into a content/=NUMBER.php file via the title parameter to admin_new.php.

7.5
2009-07-05 CVE-2009-2328 MAX Kervin Improper Authentication vulnerability in MAX Kervin Kervinet Forum

admin/edit_user.php in KerviNet Forum 1.1 and earlier does not require administrative authentication, which allows remote attackers to delete arbitrary accounts and conduct SQL injection attacks via the del_user_id parameter.

7.5
2009-07-05 CVE-2009-2326 MAX Kervin SQL Injection vulnerability in MAX Kervin Kervinet Forum

Multiple SQL injection vulnerabilities in KerviNet Forum 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) an enter_parol cookie to index.php in an auto action or (2) the topic parameter to message.php.

7.5
2009-07-05 CVE-2009-2320 Axesstel Improper Input Validation vulnerability in Axesstel MV 410R

The web interface on the Axesstel MV 410R relies on client-side JavaScript code to validate input, which allows remote attackers to send crafted data, and possibly have unspecified other impact, via a client that does not process JavaScript.

7.5
2009-07-05 CVE-2009-2295 JUN Furuse Numeric Errors vulnerability in JUN Furuse Camlimages

Multiple integer overflows in CamlImages 2.2 and earlier might allow context-dependent attackers to execute arbitrary code via a crafted PNG image with large width and height values that trigger a heap-based buffer overflow in the (1) read_png_file or (2) read_png_file_as_rgb24 function.

7.5
2009-07-05 CVE-2009-2294 Dillo Numeric Errors vulnerability in Dillo

Integer overflow in the Png_datainfo_callback function in Dillo 2.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG image with crafted (1) width or (2) height values.

7.5
2009-07-05 CVE-2009-2265 Fckeditor Path Traversal vulnerability in Fckeditor

Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory.

7.5
2009-07-05 CVE-2009-1648 Suse Configuration vulnerability in Suse Linux 11

The YaST2 LDAP module in yast2-ldap-server on SUSE Linux Enterprise Server 11 (aka SLE11) does not enable the firewall in certain circumstances involving reboots during online updates, which makes it easier for remote attackers to access network services.

7.5
2009-07-05 CVE-2007-6727 MAX Kervin SQL Injection vulnerability in MAX Kervin Kervinet Forum

SQL injection vulnerability in topic.php in KerviNet Forum 1.1 allows remote attackers to execute arbitrary SQL commands via the forum parameter.

7.5
2009-07-02 CVE-2009-2313 Jinzora Path Traversal vulnerability in Jinzora

Directory traversal vulnerability in index.php in Jinzora Media Jukebox 2.8 and earlier allows remote attackers to include and execute arbitrary local files via a ..

7.5
2009-07-02 CVE-2009-2311 Selbstzweck
Woltlab
SQL Injection vulnerability in Selbstzweck Rgallery Plugin 1.2.3

SQL injection vulnerability in the rGallery plugin 1.2.3 for WoltLab Burning Board (WBB3) allows remote attackers to execute arbitrary SQL commands via the userID parameter in the RGalleryUserGallery page to index.php, a different vector than CVE-2008-4627.

7.5
2009-07-02 CVE-2009-2310 BOW DER Kleine SQL Injection vulnerability in BOW DER Kleine X-Blc 0.1.4

SQL injection vulnerability in include/get_read.php in Extensible-BioLawCom CMS (X-BLC) 0.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter.

7.5
2009-07-02 CVE-2009-2309 Codice CMS SQL Injection vulnerability in Codice-Cms Codice CMS 2

SQL injection vulnerability in index.php in Codice CMS 2 allows remote attackers to execute arbitrary SQL commands via the tag parameter.

7.5
2009-07-02 CVE-2009-2308 Punbb
Punres
SQL Injection vulnerability in Punres Affiliates MOD 1.0.0

Multiple SQL injection vulnerabilities in affiliates.php in the Affiliation (aka Affiliates) module 1.1.0 and earlier for PunBB allow remote attackers to execute arbitrary SQL commands via the (1) in or (2) out parameter.

7.5
2009-07-02 CVE-2009-2307 Maxdev SQL Injection vulnerability in Maxdev Cwguestbook

SQL injection vulnerability in the CWGuestBook module 2.1 and earlier for MAXdev MDPro (aka MD-Pro) allows remote attackers to execute arbitrary SQL commands via the rid parameter in a viewrecords action to modules.php.

7.5
2009-07-02 CVE-2009-2306 Armassa Permissions, Privileges, and Access Controls vulnerability in Armassa Ard-9808 and Ard-9808 Software

The ARD-9808 DVR card security camera stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing usernames and passwords via a direct request for dvr.ini.

7.5
2009-07-02 CVE-2009-2298 HP Buffer Errors vulnerability in HP Openview Network Node Manager 7.53

Stack-based buffer overflow in rping in HP OpenView Network Node Manager (OV NNM) 7.53 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, possibly involving a CGI request to webappmon.exe.

7.5
2009-07-02 CVE-2008-6844 EZ Permissions, Privileges, and Access Controls vulnerability in EZ Publish

The registration view (/user/register) in eZ Publish 3.5.6 and earlier, and possibly other versions before 3.9.5, 3.10.1, and 4.0.1, allows remote attackers to gain privileges as other users via modified ContentObjectAttribute_data_user_login_30, ContentObjectAttribute_data_user_password_30, and other parameters.

7.5
2009-07-01 CVE-2009-2293 Tutorial Share Permissions, Privileges, and Access Controls vulnerability in Tutorial-Share Tutorial Share 3.0.0/3.0.1

Optimum Web Design Tutorial Share 3.5.0 and earlier allows remote attackers to bypass authentication and obtain administrative access by setting the usernamed cookie parameter.

7.5
2009-07-01 CVE-2009-2290 Joomla
KIM Eckert
SQL Injection vulnerability in KIM Eckert COM Bsadv 0.0/0.1/0.2

SQL injection vulnerability in the Boy Scout Advancement (com_bsadv) component 0.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) account or (2) event task to index.php.

7.5
2009-07-01 CVE-2009-2288 Nagios OS Command Injection vulnerability in Nagios

statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters.

7.5
2009-07-01 CVE-2009-2276 Punbb
Biglle
SQL Injection vulnerability in Biglle Vote for US Extension 1.0

SQL injection vulnerability in voteforus.php in the Vote For Us extension 1.0.1 and earlier for PunBB allows remote attackers to execute arbitrary SQL commands via the out parameter.

7.5
2009-07-01 CVE-2009-2269 Phome Empire SQL Injection vulnerability in Phome Empire Phome Empire CMS 5.1

SQL injection vulnerability in Empire CMS 5.1 allows remote attackers to execute arbitrary SQL commands via the bid parameter to the default URI under e/tool/gbook/.

7.5
2009-07-01 CVE-2008-6841 Joomla
Gmitc
Code Injection vulnerability in Gmitc COM Dbquery 1.0

PHP remote file inclusion vulnerability in the Green Mountain Information Technology and Consulting Database Query (com_dbquery) component 1.4.1.1 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to classes/DBQ/admin/common.class.php.

7.5
2009-06-30 CVE-2009-2263 Awesomephp Path Traversal vulnerability in Awesomephp Mega File Manager 1.0

Directory traversal vulnerability in index.php in Awesome PHP Mega File Manager 1.0 allows remote attackers to include and execute arbitrary local files via a ..

7.5
2009-06-30 CVE-2009-2262 Myiosoft Code Injection vulnerability in Myiosoft Ajaxportal 3.0

PHP remote file inclusion vulnerability in install/di.php in AjaxPortal 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the pathtoserverdata parameter.

7.5
2009-06-30 CVE-2009-2254 ZEN Cart SQL Injection vulnerability in Zen-Cart ZEN Cart

Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/sqlpatch.php, which allows remote attackers to execute arbitrary SQL commands via the query_string parameter in an execute action, in conjunction with a PATH_INFO of password_forgotten.php, related to a "SQL Execution" issue.

7.5
2009-07-05 CVE-2009-1890 Apache Numeric Errors vulnerability in Apache Http Server

The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.

7.1
2009-07-02 CVE-2009-2297 SUN Unspecified vulnerability in SUN Opensolaris and Solaris

Unspecified vulnerability in the udp subsystem in the kernel in Sun Solaris 10, and OpenSolaris snv_90 through snv_108, when Solaris Trusted Extensions is enabled, allows remote attackers to cause a denial of service (panic) via unspecified vectors involving the crgetlabel function, related to a "TX panic." NOTE: this issue exists because of a regression in earlier kernel patches.

7.1

41 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-07-02 CVE-2008-6846 Avast Buffer Errors vulnerability in Avast Antivirus 1.0.5/1.0.51/1.0.8

Multiple stack-based buffer overflows in avast! Linux Home Edition 1.0.5, 1.0.5-1, and 1.0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via a malformed (1) ISO or (2) RPM file.

6.8
2009-07-02 CVE-2008-6842 Pluck CMS Path Traversal vulnerability in Pluck-Cms Pluck 4.6.1

Directory traversal vulnerability in data/modules/blog/module_pages_site.php in Pluck 4.6.1 allows remote attackers to include and execute arbitrary local files via a ..

6.8
2009-07-01 CVE-2009-2291 Drupal
Chad Phillips
Permissions, Privileges, and Access Controls vulnerability in Chad Phillips Logintoboggan

Unspecified vulnerability in LoginToboggan 6.x-1.x before 6.x-1.5, a module for Drupal, when "Allow users to login using their e-mail address" is enabled, allows remote blocked users to bypass intended access restrictions via unspecified vectors.

6.8
2009-07-01 CVE-2009-2270 Dedecms Code Injection vulnerability in Dedecms 5.3

Unrestricted file upload vulnerability in member/uploads_edit.php in dedecms 5.3 allows remote attackers to execute arbitrary code by uploading a file with a double extension in the filename, then accessing this file via unspecified vectors, as demonstrated by a .jpg.php filename.

6.8
2009-07-01 CVE-2009-0689 K Meleon Project
Mozilla
Freebsd
Netbsd
Openbsd
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.

6.8
2009-07-01 CVE-2008-6840 Christof Bruyland Code Injection vulnerability in Christof Bruyland V-Webmail 1.6.4

Multiple PHP remote file inclusion vulnerabilities in V-webmail 1.6.4 allow remote attackers to execute arbitrary PHP code via a URL in the (1) CONFIG[pear_dir] parameter to (a) Mail/RFC822.php, (b) Net/Socket.php, (c) XML/Parser.php, (d) XML/Tree.php, (e) Mail/mimeDecode.php, (f) Console/Getopt.php, (g) System.php, (h) Log.php, and (i) File.php in includes/pear/; the CONFIG[pear_dir] parameter to (j) includes/prepend.php, and (k) includes/cachedConfig.php; and the (2) CONFIG[includes] parameter to (l) prepend.php and (m) email.list.search.php in includes/.

6.8
2009-06-30 CVE-2009-2255 ZEN Cart Improper Authentication vulnerability in Zen-Cart ZEN Cart

Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/record_company.php, which allows remote attackers to execute arbitrary code by uploading a .php file via the record_company_image parameter in conjunction with a PATH_INFO of password_forgotten.php, then accessing this file via a direct request to the file in images/.

6.8
2009-07-05 CVE-2009-0904 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server

The IBM Stax XMLStreamWriter in the Web Services component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 does not properly process XML encoding, which allows remote attackers to bypass intended access restrictions and possibly modify data via "XML fuzzing attacks" sent through SOAP requests.

6.4
2009-07-05 CVE-2009-2323 Axesstel Cross-Site Request Forgery (CSRF) vulnerability in Axesstel MV 410R

The web interface on the Axesstel MV 410R redirects users back to the referring page after execution of some CGI scripts, which makes it easier for remote attackers to avoid detection of cross-site request forgery (CSRF) attacks, as demonstrated by a redirect from the cgi-bin/wireless.cgi script.

5.8
2009-07-05 CVE-2009-2332 CMS TUT SU Information Exposure vulnerability in Cms.Tut.Su CMS Chainuk

CMS Chainuk 1.2 and earlier allows remote attackers to obtain sensitive information via (1) a crafted id parameter to index.php or (2) a nonexistent folder name in the id parameter to admin/admin_delete.php, which reveals the installation path in an error message.

5.0
2009-07-05 CVE-2009-2329 MAX Kervin Information Exposure vulnerability in MAX Kervin Kervinet Forum

KerviNet Forum 1.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) admin/head.php, or (2) voting_diagram.php, (3) voting.php, (4) topics_search.php, (5) topics_list.php, (6) top_part.php, (7) quick_search.php, (8) quick_reply.php, (9) moder_menu.php, (10) messages_list.php, (11) menu.php, (12) head.php, (13) forums_list.php, (14) forum_statistics.php, (15) forum_info.php, or (16) birthday.php in include_files/, which reveals the installation path in an error message.

5.0
2009-07-05 CVE-2009-2325 Clicknet Path Traversal vulnerability in Clicknet CMS 2.1

Directory traversal vulnerability in index.php in Clicknet CMS 2.1 allows remote attackers to read arbitrary files via a ..

5.0
2009-07-05 CVE-2009-2319 Axesstel Cryptographic Issues vulnerability in Axesstel MV 410R

The default configuration of the Wi-Fi component on the Axesstel MV 410R does not use encryption, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.

5.0
2009-07-02 CVE-2009-2304 Avatic Improper Input Validation vulnerability in Avatic Aardvark Topsites PHP

index.php in Aardvark Topsites PHP 5.2.0 and earlier allows remote attackers to obtain sensitive information via a nonexistent account name in the u parameter in a rate action, which reveals the installation path in an error message.

5.0
2009-07-02 CVE-2009-2303 Avatic Improper Input Validation vulnerability in Avatic Aardvark Topsites PHP

index.php in Aardvark Topsites PHP 5.2.1 and earlier allows remote attackers to obtain sensitive information via a negative integer value for the start parameter in a search action, which reveals the installation path in an error message.

5.0
2009-07-02 CVE-2009-2299 Hyperguard WEB Application Firewall Project Unspecified vulnerability in Hyperguard web Application Firewall Project Hyperguard web Application Firewall

The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.

5.0
2009-07-02 CVE-2008-6845 Clamav Denial Of Service vulnerability in ClamAV LZH File Unpacking

The unpack feature in ClamAV 0.93.3 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a corrupted LZH file.

5.0
2009-07-02 CVE-2008-6843 Netenberg
Cpanel
Path Traversal vulnerability in multiple products

Directory traversal vulnerability in index.php in Fantastico, as used with cPanel 11.x, allows remote attackers to read arbitrary files via a ..

5.0
2009-07-01 CVE-2009-2275 Cpanel Path Traversal vulnerability in Cpanel

Directory traversal vulnerability in frontend/x3/stats/lastvisit.html in cPanel allows remote attackers to read arbitrary files via a ..

5.0
2009-07-01 CVE-2009-2273 Huaweidevice Cryptographic Issues vulnerability in Huaweidevice D100

The default configuration of the Wi-Fi component on the Huawei D100 does not use encryption, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.

5.0
2009-07-01 CVE-2009-2272 Huawei Cryptographic Issues vulnerability in Huawei D100 Router

The Huawei D100 stores the administrator's account name and password in cleartext in a cookie, which allows context-dependent attackers to obtain sensitive information by (1) reading a cookie file, by (2) sniffing the network for HTTP headers, and possibly by using unspecified other vectors.

5.0
2009-07-01 CVE-2009-1889 Pidgin Resource Management Errors vulnerability in Pidgin

The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets the ICQWebMessage message type as the ICQSMS message type, which allows remote attackers to cause a denial of service (application crash) via a crafted ICQ web message that triggers allocation of a large amount of memory.

5.0
2009-06-30 CVE-2009-2260 Stardict Information Exposure vulnerability in Stardict 3.0.1

stardict 3.0.1, when Enable Net Dict is configured, sends the contents of the clipboard to a dictionary server, which allows remote attackers to obtain sensitive information by sniffing the network.

5.0
2009-07-05 CVE-2009-1388 Linux Race Condition vulnerability in Linux Kernel 2.6.18

The ptrace_start function in kernel/ptrace.c in the Linux kernel 2.6.18 does not properly handle simultaneous execution of the do_coredump function, which allows local users to cause a denial of service (deadlock) via vectors involving the ptrace system call and a coredumping thread.

4.9
2009-07-02 CVE-2009-1421 HP Local Denial Of Service vulnerability in HP Oncplus B.11.3106/B.11.3107

Unspecified vulnerability in NFS / ONCplus B.11.31_06 and B.11.31_07 on HP HP-UX B.11.31 allows local users to cause a denial of service via unknown attack vectors.

4.9
2009-07-01 CVE-2009-2287 Linux
Canonical
Debian
Null Pointer Dereference vulnerability in multiple products

The kvm_arch_vcpu_ioctl_set_sregs function in the KVM in Linux kernel 2.6 before 2.6.30, when running on x86 systems, does not validate the page table root in a KVM_SET_SREGS call, which allows local users to cause a denial of service (crash or hang) via a crafted cr3 value, which triggers a NULL pointer dereference in the gfn_to_rmap function.

4.9
2009-07-02 CVE-2009-2312 Mcafee Cryptographic Issues vulnerability in Mcafee Smartfilter 4.2.1.00

SmartFilter Web Gateway Security 4.2.1.00 stores user credentials in cleartext in config.txt and uses insecure permissions for this file, which allows local users to gain privileges.

4.6
2009-07-01 CVE-2009-2282 SUN Permissions, Privileges, and Access Controls vulnerability in SUN Opensolaris and Solaris

The Virtual Network Terminal Server daemon (vntsd) for Logical Domains (aka LDoms) in Sun Solaris 10, and OpenSolaris snv_41 through snv_108, on SPARC platforms does not check authorization for guest console access, which allows local control-domain users to gain guest-domain privileges via unknown vectors.

4.6
2009-07-05 CVE-2009-2330 CMS TUT SU Cross-Site Scripting vulnerability in Cms.Tut.Su CMS Chainuk

Cross-site scripting (XSS) vulnerability in admin/admin_menu.php in CMS Chainuk 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the menu parameter.

4.3
2009-07-05 CVE-2009-2324 Fckeditor Cross-Site Scripting vulnerability in Fckeditor

Multiple cross-site scripting (XSS) vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to inject arbitrary web script or HTML via components in the samples (aka _samples) directory.

4.3
2009-07-05 CVE-2009-2322 Axesstel Cross-Site Scripting vulnerability in Axesstel MV 410R

Cross-site scripting (XSS) vulnerability in cgi-bin/sysconf.cgi on the Axesstel MV 410R allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-07-05 CVE-2009-2316 IBM Cross-Site Scripting vulnerability in IBM Tivoli Identity Manager 5.0

Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0 allow remote attackers to inject arbitrary web script or HTML by entering an unspecified URL in (1) the self-service UI interface or (2) the console interface.

4.3
2009-07-05 CVE-2007-6728 XMB Forum Cross-Site Scripting vulnerability in XMB Forum XMB 1.5

Cross-site scripting (XSS) vulnerability in XMB 1.5 allows remote attackers to inject arbitrary web script or HTML via the MSN field during user registration.

4.3
2009-07-02 CVE-2009-2302 Avatic Cross-Site Scripting vulnerability in Avatic Aardvark Topsites PHP

Cross-site scripting (XSS) vulnerability in index.php in Aardvark Topsites PHP 5.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.

4.3
2009-07-02 CVE-2008-6847 Preproject Cross-Site Scripting vulnerability in Preproject PRE ASP JOB Board

Cross-site scripting (XSS) vulnerability in Employee/emp_login.asp in Pre ASP Job Board allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

4.3
2009-07-01 CVE-2009-2292 Appleple Cross-Site Scripting vulnerability in Appleple A-News 2.32

Cross-site scripting (XSS) vulnerability in Appleple a-News 2.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-07-01 CVE-2009-2289 Arcadetradescript Cross-Site Scripting vulnerability in Arcadetradescript Arcade Trade Script 1.0Beta

Cross-site scripting (XSS) vulnerability in index.php in Arcade Trade Script 1.0 beta allows remote attackers to inject arbitrary web script or HTML via the q parameter in a gamelist action.

4.3
2009-07-01 CVE-2009-2286 James Ashton Buffer Errors vulnerability in James Ashton Compface 1.4/1.5/1.5.1

Buffer overflow in compface 1.5.2 and earlier allows user-assisted attackers to cause a denial of service (crash) via a long declaration in a .xbm file.

4.3
2009-07-01 CVE-2009-2285 Libtiff Buffer Errors vulnerability in Libtiff 3.8.2

Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.

4.3
2009-07-01 CVE-2009-2284 Phpmyadmin Cross-Site Scripting vulnerability in PHPmyadmin

Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted SQL bookmark.

4.3
2009-07-01 CVE-2009-2283 SUN Cross-Site Scripting vulnerability in SUN Java web Console and Solaris

Multiple cross-site scripting (XSS) vulnerabilities in the help jsp scripts in Sun Java Web Console 3.0.2 through 3.0.5, and Sun Java Web Console in Solaris 10, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-07-05 CVE-2009-2327 MAX Kervin Cross-Site Scripting vulnerability in MAX Kervin Kervinet Forum

Cross-site scripting (XSS) vulnerability in add_voting.php in KerviNet Forum 1.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the v_variant1 parameter.

3.5
2009-07-01 CVE-2009-2268 SUN Cross-Site Scripting vulnerability in SUN Java System Access Manager

Cross-site scripting (XSS) vulnerability in the Cross-Domain Controller (CDC) servlet in Sun Java System Access Manager 6 2005Q1, 7 2005Q4, and 7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

2.6
2009-07-05 CVE-2009-2314 SUN Race Condition vulnerability in SUN Lightweight Availability Collection Tool 3.0

Race condition in the Sun Lightweight Availability Collection Tool 3.0 on Solaris 7 through 10 allows local users to overwrite arbitrary files via unspecified vectors.

2.1