Weekly Vulnerabilities Reports > July 6 to 12, 2009
Overview
3 new vulnerabilities were reported during this period, including 3 critical vulnerabilities and 0 high severity vulnerabilities. This weekly summary reports vulnerabilities in 5 products from 4 vendors including Apple, Rubyonrails, JAY Jayx0R, and Iomega. The vulnerabilities are notably categorized as "Improper Authentication" and "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)".
- 3 reported vulnerabilities are remotely exploitable.
- 2 reported vulnerabilities have a public exploit available.
- 2 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 3 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 1 reported vulnerability.
- Apple has the most reported critical vulnerabilities, with 1 reported vulnerability.
Vulnerability Details
The following table lists the reported vulnerabilities for the period covered by this report:
3 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2009-07-10 | CVE-2009-2422 | Rubyonrails Apple | Improper Authentication vulnerability in multiple products. The example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rails before 2.3.3 defines an authenticate_or_request_with_http_digest block that returns nil instead of false when the user does not exist, which allows context-dependent attackers to bypass authentication for applications that are derived from this example by sending an invalid username without a password. | 9.8 |
| 2009-07-08 | CVE-2009-2382 | JAY Jayx0R | Improper Authentication vulnerability in Jay-Jayx0R PHPmyblockchecker 1.0.0055. admin.php in phpMyBlockchecker 1.0.0055 allows remote attackers to bypass authentication and gain administrative access by setting the PHPMYBCAdmin cookie to LOGGEDIN. | 9.8 |
| 2009-07-08 | CVE-2009-2367 | Iomega | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Iomega Storcenter PRO Firmware. cgi-bin/makecgi-pro in Iomega StorCenter Pro generates predictable session IDs, which allows remote attackers to hijack active sessions and gain privileges via brute force guessing attacks on the session_id parameter. | 9.8 |
0 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
0 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
0 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|