Weekly Vulnerabilities Reports > July 13 to 19, 2009

Overview

109 new vulnerabilities were reported during this period, including 22 critical vulnerabilities and 35 high severity vulnerabilities. This weekly summary reports vulnerabilities in 95 products from 43 vendors including Oracle, Xigla, Microsoft, SUN, and Forkosh. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Authentication", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Code Injection", and "Permissions, Privileges, and Access Controls".

  • 94 reported vulnerabilities are remotely exploitable.
  • 20 reported vulnerabilities have a public exploit available.
  • 35 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 90 reported vulnerabilities are exploitable by an anonymous user.
  • Oracle has the most reported vulnerabilities, with 28 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 9 reported vulnerabilities.

[Summary chart: total vulnerabilities; critical, high, medium and low risk vulnerabilities; remotely exploitable; locally exploitable; exploit available; exploitable anonymously; affecting web application]

Vulnerability Details

The following table lists the reported vulnerabilities for the period covered by this report:

22 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-07-14 CVE-2009-1977 Oracle Remote Authentication Bypass vulnerability in Oracle Secure Backup 10.2.0.3

Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

10.0
2009-07-14 CVE-2009-2460 Forkosh Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Forkosh Mathtex

Multiple stack-based buffer overflows in mathtex.cgi in mathTeX, when downloaded before 20090713, have unspecified impact and remote attack vectors.

10.0
2009-07-14 CVE-2009-2459 Forkosh Unspecified vulnerability in Forkosh Mimetex

Multiple unspecified vulnerabilities in mimeTeX, when downloaded before 20090713, have unknown impact and attack vectors related to the (1) \environ, (2) \input, and (3) \counter TeX directives.

10.0
2009-07-14 CVE-2009-1422 HP Unspecified vulnerability in HP Procurve Threat Management Services ZL Module

Unspecified vulnerability in HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and earlier allows remote attackers to gain privileges via unknown vectors, aka PR_41209.

10.0
2009-07-14 CVE-2009-1382 Forkosh Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Forkosh Mimetex

Multiple stack-based buffer overflows in mimetex.cgi in mimeTeX, when downloaded before 20090713, allow remote attackers to execute arbitrary code via a TeX file with long (1) picture, (2) circle, or (3) input tags.

10.0
2009-07-14 CVE-2009-0692 ISC Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in ISC Dhcp

Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option.

10.0
2009-07-14 CVE-2009-2452 Citrix Security vulnerability in Citrix Licensing 11.5

Multiple unspecified vulnerabilities in Citrix Licensing 11.5 have unknown impact and attack vectors, related to "underlying components of the License Management Console."

10.0
2009-07-16 CVE-2009-2485 Tingan Buffer Errors vulnerability in Tingan Ht-Mp3Player 1.0

Stack-based buffer overflow in HT-MP3Player 1.0 allows remote attackers to execute arbitrary code via a long string in a .ht3 file.

9.3
2009-07-16 CVE-2009-2484 Videolan, Microsoft Buffer Errors vulnerability in Videolan VLC Media Player 0.9.9

Stack-based buffer overflow in the Win32AddConnection function in modules/access/smb.c in VideoLAN VLC media player 0.9.9, when running on Microsoft Windows, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long smb URI in a playlist file.

9.3
2009-07-15 CVE-2009-2477 Mozilla Code Injection vulnerability in Mozilla Firefox 3.5

js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka TraceMonkey) in Mozilla Firefox 3.5 before 3.5.1 allows remote attackers to execute arbitrary code via certain use of the escape function that triggers access to uninitialized memory locations, as originally demonstrated by a document containing P and FONT elements.

9.3
2009-07-15 CVE-2009-1539 Microsoft Code Injection vulnerability in Microsoft products

The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DirectX Size Validation Vulnerability."

9.3
2009-07-15 CVE-2009-1538 Microsoft Improper Input Validation vulnerability in Microsoft products

The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data values, which allows remote attackers to execute arbitrary code via a crafted QuickTime media file, aka "DirectX Pointer Validation Vulnerability."

9.3
2009-07-15 CVE-2009-1136 Microsoft Code Injection vulnerability in Microsoft products

The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 Gold and SP1, and Office Small Business Accounting 2006, when used in Internet Explorer, allows remote attackers to execute arbitrary code via a crafted call to the msDataSourceObject method, as exploited in the wild in July and August 2009, aka "Office Web Components HTML Script Vulnerability."

9.3
2009-07-15 CVE-2009-0566 Microsoft Code Injection vulnerability in Microsoft Office Publisher 2007

Microsoft Office Publisher 2007 SP1 does not properly calculate object handler data for Publisher files, which allows remote attackers to execute arbitrary code via a crafted file in a legacy format that triggers memory corruption, aka "Pointer Dereference Vulnerability."

9.3
2009-07-15 CVE-2009-0232 Microsoft Numeric Errors vulnerability in Microsoft products

Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table, aka "Embedded OpenType Font Integer Overflow Vulnerability."

9.3
2009-07-15 CVE-2009-0231 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers an integer truncation and a heap-based buffer overflow, aka "Embedded OpenType Font Heap Overflow Vulnerability."

9.3
2009-07-14 CVE-2009-2347 Libtiff Numeric Errors vulnerability in Libtiff

Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.

9.3
2009-07-16 CVE-2009-2047 Cisco Path Traversal vulnerability in Cisco products

Directory traversal vulnerability in the Administration interface in Cisco Customer Response Solutions (CRS) before 7.0(1) SR2 in Cisco Unified Contact Center Express (aka CCX) server allows remote authenticated users to read, modify, or delete arbitrary files via unspecified vectors.

9.0
2009-07-15 CVE-2009-1542 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Virtual PC and Virtual Server

The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka "Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability."

9.0
2009-07-15 CVE-2009-1135 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft ISA Server 2006

Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web pages, via vectors involving attempted access to a network resource behind the ISA Server, aka "Radius OTP Bypass Vulnerability."

9.0
2009-07-14 CVE-2009-1978 Oracle Arbitrary Command Execution vulnerability in Oracle Secure Backup 10.2.0.3

Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

9.0
2009-07-14 CVE-2009-1020 Oracle Network Foundation Remote vulnerability in Oracle Database

Unspecified vulnerability in the Network Foundation component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

9.0

35 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-07-13 CVE-2009-2446 Mysql, Oracle Use of Externally-Controlled Format String vulnerability in multiple products

Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request.

8.5
2009-07-16 CVE-2009-2487 SUN Resource Management Errors vulnerability in SUN Opensolaris and Solaris

Use-after-free vulnerability in the frpr_icmp function in the ipfilter (aka IP Filter) subsystem in Sun Solaris 10, and OpenSolaris snv_45 through snv_110, allows remote attackers to cause a denial of service (panic) via unspecified vectors.

7.8
2009-07-16 CVE-2009-2486 SUN Unspecified vulnerability in SUN Opensolaris and Solaris

Unspecified vulnerability in the SCTP implementation in Sun Solaris 10, and OpenSolaris before snv_120, allows remote attackers to cause a denial of service (panic) via unspecified packets.

7.8
2009-07-16 CVE-2009-2479 Mozilla Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mozilla Firefox

Mozilla Firefox 3.0.x, 3.5, and 3.5.1 on Windows allows remote attackers to cause a denial of service (uncaught exception and application crash) via a long Unicode string argument to the write method.

7.8
2009-07-14 CVE-2009-1425 HP Denial of Service vulnerability in HP ProCurve Threat Management Services zl Module 'httpd'

Unspecified vulnerability in HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and earlier allows remote attackers to cause a denial of service by triggering a stop or crash in httpd, aka PR_18770, a different vulnerability than CVE-2009-1423 and CVE-2009-1424.

7.8
2009-07-14 CVE-2009-1424 HP Unspecified vulnerability in HP Procurve Threat Management Services ZL Module

Unspecified vulnerability in HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and earlier allows remote attackers to cause a denial of service via unknown vectors, aka PR_39412, a different vulnerability than CVE-2009-1423 and CVE-2009-1425.

7.8
2009-07-14 CVE-2009-1423 HP Unspecified vulnerability in HP Procurve Threat Management Services ZL Module

Unspecified vulnerability in HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and earlier allows remote attackers to cause a denial of service via unknown vectors, aka PR_39898, a different vulnerability than CVE-2009-1424 and CVE-2009-1425.

7.8
2009-07-14 CVE-2009-1963 Oracle Unspecified vulnerability in Oracle Database Server 11.1.0.6

Unspecified vulnerability in the Network Foundation component in Oracle Database 11.1.0.6 allows remote authenticated users to affect integrity and availability via unknown vectors.

7.5
2009-07-14 CVE-2009-1019 Oracle Remote Network Authentication vulnerability in Oracle Database

Unspecified vulnerability in the Network Authentication component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

7.5
2009-07-14 CVE-2009-1383 Forkosh Code Injection vulnerability in Forkosh Mathtex

The getdirective function in mathtex.cgi in mathTeX, when downloaded before 20090713, allows remote attackers to execute arbitrary commands via shell metacharacters in the dpi tag.

7.5
2009-07-14 CVE-2009-2453 Citrix Permissions, Privileges, and Access Controls vulnerability in Citrix Presentation Server and Xenapp

Citrix XenApp (formerly Presentation Server) 4.5 Hotfix Rollup Pack 3 does not apply an access policy when it is defined with the Access Gateway Advanced Edition filters, which allows attackers to bypass intended access restrictions via unknown vectors.

7.5
2009-07-14 CVE-2009-2451 MIM Infinix SQL Injection vulnerability in Mim.Infinix Infinix

Multiple SQL injection vulnerabilities in index.php in MIM:InfiniX 1.2.003 and possibly earlier versions allow remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters in a calendar action, or (3) a search term in the search form.

7.5
2009-07-14 CVE-2008-6867 Scripts FOR Sites SQL Injection vulnerability in Scripts FOR Sites EZ Career

SQL injection vulnerability in content.php in Scripts For Sites (SFS) EZ Career allows remote attackers to execute arbitrary SQL commands via the topic parameter.

7.5
2009-07-14 CVE-2008-6866 PHP Nuke SQL Injection vulnerability in PHP-Nuke Current Issue Module

SQL injection vulnerability in modules.php in the Current_Issue module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a summary action.

7.5
2009-07-14 CVE-2008-6865 PHP Nuke, Phpnuke SQL Injection vulnerability in PHP-Nuke Sections Module

SQL injection vulnerability in modules.php in the Sectionsnew module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action.

7.5
2009-07-14 CVE-2008-6864 Xigla Improper Authentication vulnerability in Xigla Absolute Live Support .Net 5.1

Xigla Software Absolute Live Support .NET 5.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.

7.5
2009-07-14 CVE-2008-6863 Xigla Improper Authentication vulnerability in Xigla Absolute Form Processor.Net 4.0

Xigla Software Absolute Form Processor .NET 4.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.

7.5
2009-07-14 CVE-2008-6862 Xigla Improper Authentication vulnerability in Xigla Absolute Content Rotator 6.0

Absolute Content Rotator 6.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.

7.5
2009-07-14 CVE-2008-6861 Xigla Improper Authentication vulnerability in Xigla Absolute Newsletter 6.0/6.1

Xigla Software Absolute Newsletter 6.0 and 6.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.

7.5
2009-07-14 CVE-2008-6860 Xigla Improper Authentication vulnerability in Xigla Absolute Poll Manager XE 4.1

Xigla Software Absolute Poll Manager XE 4.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.

7.5
2009-07-14 CVE-2008-6859 Xigla Improper Authentication vulnerability in Xigla Absolute Control Panel XE 1.5

Xigla Software Absolute Control Panel XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.

7.5
2009-07-14 CVE-2008-6858 Xigla Improper Authentication vulnerability in Xigla Absolute Banner Manager.Net 4.0

Absolute Banner Manager .NET 4.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.

7.5
2009-07-14 CVE-2008-6857 Xigla Improper Authentication vulnerability in Xigla Absolute Podcast.Net 1.0

Absolute Podcast .NET 1.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.

7.5
2009-07-14 CVE-2008-6856 Xigla Improper Authentication vulnerability in Xigla Absolute News Manager.Net 5.1

Xigla Software Absolute News Manager.NET 5.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.

7.5
2009-07-14 CVE-2008-6855 Xigla Improper Authentication vulnerability in Xigla Absolute News Feed 1.0/1.5

Xigla Software Absolute News Feed 1.0 and possibly 1.5 allows remote attackers to bypass authentication and gain administrative access by setting a certain cookie.

7.5
2009-07-14 CVE-2008-6854 Xigla Improper Authentication vulnerability in Xigla Absolute FAQ Manager .Net 6.0

Xigla Software Absolute FAQ Manager.NET 6.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.

7.5
2009-07-13 CVE-2009-2449 Adbnewssender Path Traversal vulnerability in Adbnewssender

Directory traversal vulnerability in maillinglist/admin/change_config.php in ADbNewsSender before 1.5.6 allows remote attackers to include and execute arbitrary local files via a ..

7.5
2009-07-13 CVE-2009-2444 Adbnewssender Path Traversal vulnerability in Adbnewssender

Directory traversal vulnerability in maillinglist/setup/step1.php.inc in ADbNewsSender before 1.5.6, and 2.0 before RC2, allows remote attackers to include and execute arbitrary local files via a ..

7.5
2009-07-13 CVE-2009-2439 WEB Development House SQL Injection vulnerability in web Development House Alibaba Clone

Multiple SQL injection vulnerabilities in Web Development House Alibaba Clone allow remote attackers to execute arbitrary SQL commands via the (1) IndustryID parameter to category.php and the (2) SellerID parameter to supplier/view_contact_details.php.

7.5
2009-07-13 CVE-2009-2436 Phponlinedatingsoftware SQL Injection vulnerability in PHPonlinedatingsoftware Myphpdating 1.0

SQL injection vulnerability in page.php in Online Dating Software MyPHPDating 1.0 allows remote attackers to execute arbitrary SQL commands via the page_id parameter.

7.5
2009-07-17 CVE-2009-1894 Pulseaudio Race Condition vulnerability in Pulseaudio 0.9.10/0.9.14/0.9.9

Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and then calling execv on the target of the /proc/self/exe symlink.

7.2
2009-07-16 CVE-2009-1895 Linux, Debian, Canonical Configuration vulnerability in Linux Kernel

The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to (1) conduct NULL pointer dereference attacks, (2) bypass the mmap_min_addr protection mechanism, or (3) defeat address space layout randomization (ASLR).

7.2
2009-07-14 CVE-2009-2461 Forkosh Permissions, Privileges, and Access Controls vulnerability in Forkosh Mathtex 1.00/1.01

mathtex.cgi in mathTeX, when downloaded before 20090713, does not securely create temporary files, which has unspecified impact and local attack vectors.

7.2
2009-07-13 CVE-2009-2450 Tallemu Buffer Errors vulnerability in Tallemu products

The OAmon.sys kernel driver 3.1.0.0 and earlier in Tall Emu Online Armor Personal Firewall AV+ before 3.5.0.12, and Personal Firewall 3.5 before 3.5.0.14, allows local users to gain privileges via crafted METHOD_NEITHER IOCTL requests to \Device\OAmon containing arbitrary kernel addresses, as demonstrated using the 0x830020C3 IOCTL.

7.2
2009-07-13 CVE-2009-2434 IBM Buffer Errors vulnerability in IBM AIX 5.3

Buffer overflow in the syscall implementation in IBM AIX 5.3 allows local users to gain privileges via unspecified vectors.

7.2

45 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-07-17 CVE-2009-2348 Google Code Injection vulnerability in Google Android 1.5

Android 1.5 CRBxx allows local users to bypass the (1) Manifest.permission.CAMERA (aka android.permission.CAMERA) and (2) Manifest.permission.AUDIO_RECORD (aka android.permission.RECORD_AUDIO) configuration settings by installing and executing an application that does not make a permission request before using the camera or microphone.

6.9
2009-07-17 CVE-2009-1893 Redhat, ISC Link Following vulnerability in multiple products

The configtest function in the Red Hat dhcpd init script for DHCP 3.0.1 in Red Hat Enterprise Linux (RHEL) 3 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file, related to the "dhcpd -t" command.

6.9
2009-07-16 CVE-2009-2482 Netbsd Permissions, Privileges, and Access Controls vulnerability in Netbsd

The pam_unix module in OpenPAM in NetBSD 4.0 before 4.0.2 and 5.0 before 5.0.1 allows local users to change the current root password if it is already known, even when they are not in the wheel group.

6.9
2009-07-14 CVE-2009-1975 Oracle Cross-Site Scripting vulnerability in Oracle BEA Product Suite 10.3

Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3 allows remote attackers to affect confidentiality, integrity, and availability, related to the WLS Console Package.

6.8
2009-07-14 CVE-2009-1974 Oracle Remote vulnerability in Oracle WebLogic Server

Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Servlet Container Package.

6.8
2009-07-14 CVE-2009-1980 Oracle Remote vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

6.0
2009-07-16 CVE-2009-2481 SIX Apart, Sixapart Improper Authentication vulnerability in multiple products

mt-wizard.cgi in Six Apart Movable Type before 4.261, when global templates are not initialized, allows remote attackers to bypass access restrictions and (1) send e-mail to arbitrary addresses or (2) obtain sensitive information via unspecified vectors.

5.8
2009-07-14 CVE-2009-1989 Oracle Remote PeopleSoft Enterprise FMS vulnerability in Oracle PeopleSoft

Unspecified vulnerability in the PeopleSoft Enterprise FMS component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.8 SP1, 8.9 Bundle 33, and 9.0 Bundle 24 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

5.5
2009-07-14 CVE-2009-1973 Oracle Remote Virtual Private Database vulnerability in Oracle Database Server 10.1.0.5/10.2.0.4/11.1.0.7

Unspecified vulnerability in the Virtual Private Database component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality and integrity, related to VPD policies.

5.5
2009-07-14 CVE-2009-1967 Oracle SQL-injection vulnerability in Oracle Config Management

Unspecified vulnerability in the Config Management component in (1) Oracle Database 11.1.0.7 and (2) Oracle Enterprise Manager 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-1966.

5.5
2009-07-14 CVE-2009-1966 Oracle SQL-injection vulnerability in Oracle Config Management

Unspecified vulnerability in the Config Management component in (1) Oracle Database 11.1.0.7 and (2) Oracle Enterprise Manager 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-1967.

5.5
2009-07-14 CVE-2009-1021 Oracle Privilege Escalation vulnerability in Oracle Advanced Replication 'REPCAT_RPC.VALIDATE_REMOTE_RC()'

Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

5.5
2009-07-14 CVE-2009-0987 Oracle Remote Upgrade vulnerability in Oracle Database

Unspecified vulnerability in the Upgrade component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

5.5
2009-07-14 CVE-2009-2458 SUN Remote Denial Of Service vulnerability in SUN Fire Server V215

Unspecified vulnerability in Sun Fire V215 Server, when using XVR-100 graphic cards on system boards with part number 375-3463 and a hardware dash level -04 or later, allows remote attackers to cause a denial of service (panic) via unknown vectors.

5.4
2009-07-17 CVE-2009-1892 ISC Configuration vulnerability in ISC Dhcp

dhcpd in ISC DHCP 3.0.4 and 3.1.1, when the dhcp-client-identifier and hardware ethernet configuration settings are both used, allows remote attackers to cause a denial of service (daemon crash) via unspecified requests.

5.0
2009-07-16 CVE-2009-2478 Mozilla Numeric Errors vulnerability in Mozilla Firefox 3.5

Mozilla Firefox 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors, related to a "flash bug."

5.0
2009-07-14 CVE-2009-1987 Oracle Remote vulnerability in Oracle PeopleSoft Enterprise PeopleTools

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools - Enterprise Portal component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.21 allows remote attackers to affect integrity via unknown vectors.

5.0
2009-07-14 CVE-2009-1970 Oracle Remote Denial of Service vulnerability in Oracle Database TNS Command

Unspecified vulnerability in the Listener component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2009-0991.

5.0
2009-07-14 CVE-2009-0217 IBM, Mono Project, Oracle Authentication Bypass vulnerability in IETF and W3C XML Digital Signature Specification HMAC Truncation

The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.

5.0
2009-07-14 CVE-2009-2457 Novell Code Injection vulnerability in Novell Edirectory 8.8

The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows remote attackers to cause a denial of service (crash) via a malformed bind LDAP packet.

5.0
2009-07-14 CVE-2009-2456 Novell Denial-Of-Service vulnerability in Novell Edirectory 8.8

The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows remote attackers to cause a denial of service (ndsd core dump) via an LDAP request containing multiple .

5.0
2009-07-14 CVE-2009-0192 Novell Numeric Errors vulnerability in Novell Edirectory 8.8

Off-by-one error in the iMonitor component in Novell eDirectory 8.8 SP3, 8.8 SP3 FTF3, and possibly other versions allows remote attackers to execute arbitrary code via an HTTP request with a crafted Accept-Language header, which triggers a stack-based buffer overflow.

5.0
2009-07-13 CVE-2009-2445 SUN Information Exposure vulnerability in SUN Java System web Server 6.1/7.0

Oracle iPlanet Web Server (formerly Sun Java System Web Server or Sun ONE Web Server) 6.1 before SP12, and 7.0 through Update 6, when running on Windows, allows remote attackers to read arbitrary JSP files via an alternate data stream syntax, as demonstrated by a .jsp::$DATA URI.

5.0
2009-07-13 CVE-2009-2443 Siteframe Permissions, Privileges, and Access Controls vulnerability in Siteframe CMS 3.2.1/3.2.2/3.2.3

Siteframe 3.2.3, and other 3.2.x versions, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function.

5.0
2009-07-13 CVE-2009-2435 IBM Credentials Management vulnerability in IBM Lotus Instant Messaging and web Conferencing 6.5.1

The Sametime server in IBM Lotus Instant Messaging and Web Conferencing 6.5.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.

5.0
2009-07-16 CVE-2009-2488 SUN Unspecified vulnerability in SUN Opensolaris and Solaris

Unspecified vulnerability in the NFSv4 module in the kernel in Sun Solaris 10, and OpenSolaris snv_102 through snv_119, allows local users to cause a denial of service (client panic) via vectors involving "file operations."

4.9
2009-07-16 CVE-2009-2483 Netbsd Numeric Errors vulnerability in Netbsd 4.0/4.0.1

libprop/prop_object.c in proplib in NetBSD 4.0 and 4.0.1 allows local users to cause a denial of service (NULL pointer dereference and kernel panic) via a malformed externalized plist (XML form) containing an undefined element.

4.9
2009-07-16 CVE-2009-2491 SUN Unspecified vulnerability in SUN RAY Server Software 4.0

The utaudiod daemon in Sun Ray Server Software (SRSS) 4.0, when Solaris Trusted Extensions is enabled, allows local users to access the sessions of arbitrary users via unknown vectors related to "resource leaks."

4.4
2009-07-14 CVE-2009-1984 Oracle Application Install Local vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1

Unspecified vulnerability in the Application Install component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Patch Administrator.

4.4
2009-07-16 CVE-2009-2480 Movabletype Cross-Site Scripting vulnerability in Movabletype SIX Apart Movable Type 4.24/4.25

Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type 4.24, and 4.25 when global templates are not initialized, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-07-14 CVE-2009-1983 Oracle Remote Oracle iStore vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1

Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1 allows remote attackers to affect integrity via unknown vectors.

4.3
2009-07-14 CVE-2009-1982 Oracle Remote Oracle Applications Framework vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6

Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2 and 12.0.6 allows remote attackers to affect integrity via unknown vectors.

4.3
2009-07-14 CVE-2009-1976 Oracle Remote HTTP Server vulnerability in Oracle Application Server 10.1.2.3

Unspecified vulnerability in the HTTP Server component in Oracle Application Server 10.1.2.3 allows remote attackers to affect integrity via unknown vectors.

4.3
2009-07-14 CVE-2009-1968 Oracle Cross-Site Scripting vulnerability in Oracle Database Server 10.1.8.3

Unspecified vulnerability in the Secure Enterprise Search component in Oracle Database 10.1.8.3 allows remote attackers to affect integrity via unknown vectors.

4.3
2009-07-14 CVE-2009-2455 Atmail Cross-Site Scripting vulnerability in Atmail @Tmail 5.6.1

Multiple cross-site scripting (XSS) vulnerabilities in webadmin/admin.php in @mail 5.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) type and (2) func parameters.

4.3
2009-07-14 CVE-2009-2454 Citrix Cross-Site Scripting vulnerability in Citrix Web Interface 4.6/5.0/5.0.1

Cross-site scripting (XSS) vulnerability in Citrix Web Interface 4.6, 5.0, and 5.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-07-13 CVE-2009-2448 Esoftpro Cross-Site Scripting vulnerability in Esoftpro Online Guestbook PRO 5.1

Cross-site scripting (XSS) vulnerability in ogp_show.php in Online Guestbook Pro 5.1 allows remote attackers to inject arbitrary web script or HTML via the search_choice parameter.

4.3
2009-07-13 CVE-2009-2447 Esoftpro Cross-Site Scripting vulnerability in Esoftpro Online Guestbook PRO 5.1

Multiple cross-site scripting (XSS) vulnerabilities in ogp_show.php in Online Guestbook Pro 5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) search or (2) display parameter.

4.3
2009-07-13 CVE-2009-2442 Linea21 Cross-Site Scripting vulnerability in Linea21 1.2.1

Cross-site scripting (XSS) vulnerability in public/index.php in Linea21 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the search parameter in a resultats-recherche action.

4.3
2009-07-13 CVE-2009-2441 Esoftpro Cross-Site Scripting vulnerability in Esoftpro Online Guestbook PRO 5.1

Cross-site scripting (XSS) vulnerability in ogp_show.php in Online Guestbook Pro 5.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter.

4.3
2009-07-13 CVE-2009-2440 Jnmsolutions Cross-Site Scripting vulnerability in Jnmsolutions Guestbook 3.0

Cross-site scripting (XSS) vulnerability in index.php in JNM Guestbook 3.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter.

4.3
2009-07-13 CVE-2009-2438 Clansphere Cross-Site Scripting vulnerability in Clansphere 2009.0/2009.0.2

Cross-site scripting (XSS) vulnerability in index.php in the search module in ClanSphere 2009.0 and 2009.0.2 allows remote attackers to inject arbitrary web script or HTML via the text parameter in a list action.

4.3
2009-07-13 CVE-2009-2437 Rentventory Cross-Site Scripting vulnerability in Rentventory 1.0.1

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Rentventory 1.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) username (aka Login) and (2) password parameters in a login action.

4.3
2009-07-14 CVE-2009-1988 Oracle Remote vulnerability in Oracle PeopleSoft Enterprise HRMS eProfile Manager

Unspecified vulnerability in the PeopleSoft Enterprise HRMS eProfile Manager component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.8 SP1, 8.9 Bundle 19, and 9.0 Bundle 9 allows remote authenticated users to affect confidentiality via unknown vectors.

4.0
2009-07-14 CVE-2009-1015 Oracle Remote Core RDBMS vulnerability in Oracle Database

Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.05, and 10.2.04 allows remote authenticated users to affect integrity via unknown vectors.

4.0

7 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-07-16 CVE-2009-2048 Cisco Cross-Site Scripting vulnerability in Cisco products

Cross-site scripting (XSS) vulnerability in the Administration interface in Cisco Customer Response Solutions (CRS) before 7.0(1) SR2 in Cisco Unified Contact Center Express (aka CCX) server allows remote authenticated users to inject arbitrary web script or HTML into the CCX database via unspecified vectors.

3.5
2009-07-14 CVE-2009-1981 Oracle Local vulnerability in Oracle Highly Interactive Client

Unspecified vulnerability in the Highly Interactive Client component in Siebel Product Suite 7.5.3, 7.7.2, 7.8.2, 8.0.0.5, and 8.1.0 allows local users to affect confidentiality and integrity via unknown vectors.

3.0
2009-07-17 CVE-2009-2492 SIX Apart (SIX Apart LTD, Sixapart) Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type before 4.261 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-2480.

2.6
2009-07-14 CVE-2009-1986 Oracle Remote Oracle Applications Manager vulnerability in Oracle E-Business Suite 11.5.10.2

Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality via unknown vectors.

2.6
2009-07-16 CVE-2009-2489 SUN Unspecified vulnerability in SUN RAY Server Software 4.0

Unspecified vulnerability in the utdmsession program in Sun Ray Server Software (SRSS) 4.0 allows local users to access the sessions of arbitrary users via unknown vectors.

2.1
2009-07-14 CVE-2009-1969 Oracle Remote Auditing vulnerability in Oracle Database

Unspecified vulnerability in the Auditing component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality via unknown vectors.

2.1
2009-07-16 CVE-2009-2490 SUN Unspecified vulnerability in SUN RAY Server Software 4.0

Unspecified vulnerability in the utaudiod daemon in Sun Ray Server Software (SRSS) 4.0, when Solaris Trusted Extensions is enabled, allows local users to cause a denial of service (audio outage) or possibly gain privileges via unknown vectors related to "resource leaks."

1.9