Weekly Vulnerabilities Reports > July 27 to August 2, 2009

Overview

84 new vulnerabilities were reported during this period, including 16 critical vulnerabilities and 32 high severity vulnerabilities. This weekly summary reports vulnerabilities in 96 products from 52 vendors, including Joomla, Adobe, Microsoft, Cisco, and Datachecknh. Vulnerabilities are notably categorized as "SQL Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Code Injection", "Permissions, Privileges, and Access Controls", and "Cross-site Scripting".

  • 78 reported vulnerabilities are remotely exploitable.
  • 32 reported vulnerabilities have a public exploit available.
  • 36 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 82 reported vulnerabilities are exploitable by an anonymous user.
  • Joomla has the most reported vulnerabilities, with 11 reported vulnerabilities.
  • Adobe has the most reported critical vulnerabilities, with 6 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:

16 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-07-29 CVE-2009-1918 Microsoft Code Injection vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle table operations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption by adding malformed elements to an empty DIV element, related to the getElementsByTagName method, aka "HTML Objects Memory Corruption Vulnerability."

10.0
2009-07-29 CVE-2009-1167 Cisco Unspecified vulnerability in Cisco products

Unspecified vulnerability on the Cisco Wireless LAN Controller (WLC) platform 4.x before 4.2.205.0 and 5.x before 5.2.191.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules (WiSM), WLC Modules for Integrated Services Routers, and Catalyst 3750G Integrated Wireless LAN Controllers, allows remote attackers to modify the configuration via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCsy44672.

10.0
2009-07-31 CVE-2009-1869 Adobe Numeric Errors vulnerability in Adobe Air, Flash Player and Flex

Integer overflow in the ActionScript Virtual Machine 2 (AVM2) abcFile parser in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an AVM2 file with a large intrf_count value that triggers a dereference of an out-of-bounds pointer.

9.3
2009-07-31 CVE-2009-1868 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Air, Flash Player and Flex

Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving URL parsing.

9.3
2009-07-31 CVE-2009-1866 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Air, Flash Player and Flex

Stack-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors.

9.3
2009-07-31 CVE-2009-1865 Adobe Multiple Security vulnerability in RETIRED: Adobe Flash Player and AIR

Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, related to a "null pointer vulnerability."

9.3
2009-07-31 CVE-2009-1864 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Air, Flash Player and Flex

Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors.

9.3
2009-07-31 CVE-2009-1863 Adobe Permissions, Privileges, and Access Controls vulnerability in Adobe Air, Flash Player and Flex

Unspecified vulnerability in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to a "privilege escalation vulnerability."

9.3
2009-07-30 CVE-2009-2650 Sorcerersoftware Buffer Errors vulnerability in Sorcerersoftware Multimedia Jukebox 4.0

Heap-based buffer overflow in Sorcerer Software MultiMedia Jukebox 4.0 Build 020124 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .m3u or possibly (2) .pst file.

9.3
2009-07-30 CVE-2009-2646 RIM Unspecified vulnerability in RIM products

Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.3 through 4.1.6 and BlackBerry Professional Software 4.1.4 allow user-assisted remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .pdf file attachment, a different vulnerability than CVE-2008-3246 and CVE-2009-0219.

9.3
2009-07-29 CVE-2009-2493 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft products

The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability."

9.3
2009-07-29 CVE-2009-1919 Microsoft Code Injection vulnerability in Microsoft products

Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle attempts to access deleted objects in memory, which allows remote attackers to execute arbitrary code via an HTML document containing embedded style sheets that modify unspecified rule properties that cause the behavior element to be "improperly processed," aka "Uninitialized Memory Corruption Vulnerability."

9.3
2009-07-29 CVE-2009-1917 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle attempts to access deleted objects in memory, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Memory Corruption Vulnerability."

9.3
2009-07-29 CVE-2009-0901 Microsoft Code Injection vulnerability in Microsoft Visual C++, Visual Studio and Visual Studio .Net

The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Uninitialized Object Vulnerability." Please refer to this link http://www.microsoft.com/technet/security/Bulletin/MS09-035.mspx for mitigating factors and additional information.

9.3
2009-07-28 CVE-2009-2643 RIM Security vulnerability in RIM products

Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.3 through 5.0 and BlackBerry Professional Software 4.1.4 allow user-assisted remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .pdf file attachment, a different vulnerability than CVE-2008-3246 and CVE-2009-0219.

9.3
2009-07-27 CVE-2009-2617 Baofeng Buffer Errors vulnerability in Baofeng Storm 3.9.62

Stack-based buffer overflow in medialib.dll in BaoFeng Storm 3.9.62 allows remote attackers to execute arbitrary code via a long pathname in the source attribute of an item element in a .smpl playlist file.

9.3

32 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-07-29 CVE-2009-2495 Microsoft Information Exposure vulnerability in Microsoft Visual C++, Visual Studio and Visual Studio .Net

The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability."

7.8
2009-07-29 CVE-2009-1426 HP Unspecified vulnerability in HP products

Unspecified vulnerability on HP ProLiant DL and ML 100 Series G5, G5p, and G6 servers with ProLiant Onboard Administrator Powered by LO100i (formerly Lights Out 100) 3.07 and earlier allows remote attackers to cause a denial of service via unknown vectors.

7.8
2009-07-29 CVE-2009-1166 Cisco Unspecified vulnerability in Cisco Catalyst 3750G

The administrative web interface on the Cisco Wireless LAN Controller (WLC) platform 4.x before 4.2.205.0 and 5.x before 5.2.191.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules (WiSM), WLC Modules for Integrated Services Routers, and Catalyst 3750G Integrated Wireless LAN Controllers, allows remote attackers to cause a denial of service (device reload) via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCsy27708.

7.8
2009-07-29 CVE-2009-1165 Cisco Resource Management Errors vulnerability in Cisco products

Memory leak on the Cisco Wireless LAN Controller (WLC) platform 4.x before 4.2.205.0, 5.1 before 5.1.163.0, and 5.0 and 5.2 before 5.2.178.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules (WiSM), WLC Modules for Integrated Services Routers, and Catalyst 3750G Integrated Wireless LAN Controllers, allows remote attackers to cause a denial of service (memory consumption and device reload) via SSH management connections, aka Bug ID CSCsw40789.

7.8
2009-07-29 CVE-2009-1164 Cisco Resource Management Errors vulnerability in Cisco products

The administrative web interface on the Cisco Wireless LAN Controller (WLC) platform 4.2 before 4.2.205.0 and 5.x before 5.2.178.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules (WiSM), WLC Modules for Integrated Services Routers, and Catalyst 3750G Integrated Wireless LAN Controllers, allows remote attackers to cause a denial of service (device reload) via a malformed response to a (1) HTTP or (2) HTTPS authentication request, aka Bug ID CSCsx03715.

7.8
2009-07-27 CVE-2009-2597 SUN Unspecified vulnerability in SUN Java System Access Manager Policy Agent 2.2

The Sun Java System (SJS) Access Manager Policy Agent module 2.2 for SJS Web Proxy Server 4.0 allows remote attackers to cause a denial of service (daemon crash) via a GET request.

7.8
2009-07-31 CVE-2009-1720 Openexr Numeric Errors vulnerability in Openexr 1.2.2/1.6.1

Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors that trigger heap-based buffer overflows, related to (1) the Imf::PreviewImage::PreviewImage function and (2) compressor constructors.

7.5
2009-07-30 CVE-2008-6883 Joomla, Joompolitan SQL Injection vulnerability in Joompolitan COM Livechat 1.0

SQL injection vulnerability in the Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the last parameter to getChatRoom.php.

7.5
2009-07-30 CVE-2008-6882 Joomla, Joompolitan Improper Input Validation vulnerability in Joompolitan COM Livechat 1.0

Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to use the xmlhttp.php script as an open HTTP proxy to hide network scanning activities or scan internal networks via a GET request with a full URL in the query string.

7.5
2009-07-30 CVE-2008-6881 Joompolitan, Joomla SQL Injection vulnerability in Joompolitan COM Livechat 1.0

Multiple SQL injection vulnerabilities in the Live Chat (com_livechat) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the last parameter to (1) getChat.php, (2) getChatRoom.php, and (3) getSavedChatRooms.php.

7.5
2009-07-30 CVE-2008-6880 Easysitenetwork SQL Injection vulnerability in Easysitenetwork Jokes Complete Website

SQL injection vulnerability in joke.php in EasySiteNetwork Free Jokes Website allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2009-07-30 CVE-2009-2410 Fedorahosted Improper Authentication vulnerability in Fedorahosted Sssd 0.4.1

The local_handler_callback function in server/responder/pam/pam_LOCAL_domain.c in sssd 0.4.1 does not properly handle blank-password accounts in the SSSD BE database, which allows context-dependent attackers to obtain access by sending the account's username, in conjunction with an arbitrary password, over an ssh connection.

7.5
2009-07-28 CVE-2009-2642 Desiscripts Improper Authentication vulnerability in Desiscripts Desi Short URL Script 1.0

index.php in Desi Short URL Script 1.0 allows remote attackers to bypass authentication by setting the logged cookie to 1 and the uid cookie to an integer value, as demonstrated by a value of 13.

7.5
2009-07-28 CVE-2009-2640 Interlogy SQL Injection vulnerability in Interlogy Profile Manager

Multiple SQL injection vulnerabilities in cgi/admin.cgi in Interlogy Profile Manager Basic allow remote attackers to execute arbitrary SQL commands via a pmadm cookie in (1) an edittemp action or (2) a users action.

7.5
2009-07-28 CVE-2009-2639 Mrcgiguy SQL Injection vulnerability in Mrcgiguy the Ticket System 2.0

SQL injection vulnerability in admin.php in MRCGIGUY The Ticket System 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewticket action.

7.5
2009-07-28 CVE-2009-2638 Joomla, Konze SQL Injection vulnerability in Konze COM Akobook 2.3

SQL injection vulnerability in the AkoBook (com_akobook) component 2.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a reply action to index.php.

7.5
2009-07-28 CVE-2009-2637 Joomla, Ordasoft Code Injection vulnerability in Ordasoft COM Booklibrary 1.5.2.4

PHP remote file inclusion vulnerability in toolbar_ext.php in the BookLibrary (com_booklibrary) component 1.5.2.4 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

7.5
2009-07-28 CVE-2009-2635 Joomla, Ordasoft Code Injection vulnerability in Ordasoft COM Realestatemanager 1.0

PHP remote file inclusion vulnerability in toolbar_ext.php in the RealEstateManager (com_realestatemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

7.5
2009-07-28 CVE-2009-2634 Joomla, Ordasoft Code Injection vulnerability in Ordasoft COM Medialibrary 1.5.3

PHP remote file inclusion vulnerability in toolbar_ext.php in the MediaLibrary (com_media_library) component 1.5.3 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

7.5
2009-07-28 CVE-2009-2633 Joomla, Ordasoft Code Injection vulnerability in Ordasoft COM Vehiclemanager 1.0

PHP remote file inclusion vulnerability in toolbar_ext.php in the VehicleManager (com_vehiclemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

7.5
2009-07-27 CVE-2009-2619 Datachecknh SQL Injection vulnerability in Datachecknh V-Spacepal

SQL injection vulnerability in login.asp in DataCheck Solutions V-SpacePal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2009-07-27 CVE-2009-2618 Maxdev SQL Injection vulnerability in Maxdev Mdpro 1.083

SQL injection vulnerability in the Surveys (aka NS-Polls) module in MDPro (MD-Pro) 1.083.x allows remote attackers to execute arbitrary SQL commands via the pollID parameter in a results action to modules.php.

7.5
2009-07-27 CVE-2009-2616 Datachecknh SQL Injection vulnerability in Datachecknh Sitepal 1.0

SQL injection vulnerability in z_admin_login.asp in DataCheck Solutions SitePal 1.x allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2009-07-27 CVE-2009-2614 Datachecknh SQL Injection vulnerability in Datachecknh Linkpal 1.0

SQL injection vulnerability in z_admin_login.asp in DataCheck Solutions LinkPal 1.x allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2009-07-27 CVE-2009-2612 Prosmdr SQL Injection vulnerability in Prosmdr

SQL injection vulnerability in login.aspx in ProSMDR allows remote attackers to execute arbitrary SQL commands via the txtUser parameter.

7.5
2009-07-27 CVE-2009-2609 Joomla, Amotools SQL Injection vulnerability in Amotools COM Amocourse

SQL injection vulnerability in the amoCourse (com_amocourse) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php.

7.5
2009-07-27 CVE-2009-2607 Joomla, Pinme SQL Injection vulnerability in Pinme COM Pinboard

SQL injection vulnerability in the com_pinboard component for Joomla! allows remote attackers to execute arbitrary SQL commands via the task parameter in a showpic action to index.php.

7.5
2009-07-27 CVE-2009-2604 Zenhelpdesk SQL Injection vulnerability in Zenhelpdesk ZEN Help Desk 2.1

Multiple SQL injection vulnerabilities in adminlogin.asp in Zen Help Desk 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) userid (aka username) and (2) PassWord parameters to admin.asp.

7.5
2009-07-27 CVE-2009-2603 E Supportportal SQL Injection vulnerability in E-Supportportal Escon Supportportal PRO 3.0

Multiple SQL injection vulnerabilities in index.php in Escon SupportPortal Pro 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) cat and (2) tid parameters.

7.5
2009-07-27 CVE-2009-2601 Joomlaequipment, Joomla SQL Injection vulnerability in Joomlaequipment Juser 2.0.4

SQL injection vulnerability in the Joomlaequipment (aka JUser or com_juser) component 2.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_profile action to index.php.

7.5
2009-07-27 CVE-2009-2599 Radscripts SQL Injection vulnerability in Radscripts Radclassifieds 2.0

SQL injection vulnerability in index.php in RadCLASSIFIEDS Gold 2.0 allows remote attackers to execute arbitrary SQL commands via the seller parameter in a search action.

7.5
2009-07-30 CVE-2009-1168 Cisco Resource Management Errors vulnerability in Cisco IOS and IOS XE

Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through 12.0(33)S4, 12.0(32)SY8 through 12.0(32)SY9, 12.2(33)SXI1, 12.2XNC before 12.2(33)XNC2, 12.2XND before 12.2(33)XND1, and 12.4(24)T1; and IOS XE 2.3 through 2.3.1t and 2.4 through 2.4.0; when RFC4893 BGP routing is enabled, allows remote attackers to cause a denial of service (memory corruption and device reload) by using an RFC4271 peer to send an update with a long series of AS numbers, aka Bug ID CSCsy86021.

7.1

35 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-07-31 CVE-2009-2407 Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel

Heap-based buffer overflow in the parse_tag_3_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to a large encrypted key size in a Tag 3 packet.

6.9
2009-07-31 CVE-2009-2406 Linux Buffer Errors vulnerability in Linux Kernel and Linux Kernel

Stack-based buffer overflow in the parse_tag_11_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to not ensuring that the key signature length in a Tag 11 packet is compatible with the key signature buffer size.

6.9
2009-07-31 CVE-2008-6884 Xoops Path Traversal vulnerability in Xoops 2.3.1

Multiple directory traversal vulnerabilities in XOOPS 2.3.1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a ..

6.8
2009-07-31 CVE-2009-1722 Openexr Buffer Errors vulnerability in Openexr 1.2.2

Heap-based buffer overflow in the compression implementation in OpenEXR 1.2.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors.

6.8
2009-07-31 CVE-2009-1721 Openexr Configuration vulnerability in Openexr 1.2.2/1.6.1

The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer.

6.8
2009-07-30 CVE-2009-2408 Mozilla Improper Input Validation vulnerability in Mozilla products

Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

6.8
2009-07-28 CVE-2009-2641 Rich White Code Injection vulnerability in Rich White School Data NAV

PHP remote file inclusion vulnerability in app_and_readme/navigator/index.php in School Data Navigator allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

6.8
2009-07-27 CVE-2009-2611 Gander Path Traversal vulnerability in Gander Myfusion 6

Directory traversal vulnerability in infusions/last_seen_users_panel/last_seen_users_panel.php in MyFusion (aka MyF) 6 Beta, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a ..

6.8
2009-07-27 CVE-2009-2608 Chatelao SQL Injection vulnerability in Chatelao PHP Address Book 4.0.1/4.0.2

Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to delete.php or (2) alphabet parameter to index.php.

6.8
2009-07-27 CVE-2009-2605 Traidnt SQL Injection vulnerability in Traidnt UP 2.0

Multiple SQL injection vulnerabilities in adminquery.php in Traidnt Up 2.0 allow remote attackers to execute arbitrary SQL commands via (1) trupuser and (2) truppassword cookies to uploadcp/index.php.

6.8
2009-07-27 CVE-2008-6878 ZEN Cart Path Traversal vulnerability in ZEN Cart ZEN Cart 1.3.8/1.3.8A

** DISPUTED ** Directory traversal vulnerability in admin/includes/languages/english.php in Zen Cart 1.3.8a, 1.3.8, and earlier, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via a ..

6.8
2009-07-27 CVE-2008-6877 ZEN Cart Path Traversal vulnerability in ZEN Cart ZEN Cart 1.3.8/1.3.8A

** DISPUTED ** Directory traversal vulnerability in admin/includes/initsystem.php in Zen Cart 1.3.8 and 1.3.8a, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via a ..

6.8
2009-07-27 CVE-2009-2598 Onlinegrades SQL Injection vulnerability in Onlinegrades Online Grades 3.2.6

Multiple SQL injection vulnerabilities in Online Grades & Attendance 3.2.6 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the key parameter in a resetpass action to index.php and (2) remote authenticated users to execute arbitrary SQL commands via the ADD parameter in a mailto action to parents/parents.php.

6.5
2009-07-30 CVE-2009-2049 Cisco Configuration vulnerability in Cisco IOS and IOS XE

Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through 12.0(33)S4, 12.0(32)SY8 through 12.0(32)SY9, 12.2(33)SXI1 through 12.2(33)SXI2, 12.2XNC before 12.2(33)XNC2, 12.2XND before 12.2(33)XND1, and 12.4(24)T1; and IOS XE 2.3 through 2.3.1t and 2.4 through 2.4.0; when RFC4893 BGP routing is enabled, allows remote attackers to cause a denial of service (device reload) by using an RFC4271 peer to send a malformed update, aka Bug ID CSCta33973.

5.4
2009-07-30 CVE-2009-2409 Mozilla, Openssl, GNU Cryptographic Issues vulnerability in multiple products

The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time.

5.1
2009-07-30 CVE-2009-2651 Digium Resource Management Errors vulnerability in Digium Asterisk 1.6.1

main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote attackers to cause a denial of service (crash) via an RTP text frame without a certain delimiter, which triggers a NULL pointer dereference and the subsequent calculation of an invalid pointer.

5.0
2009-07-30 CVE-2009-2648 Flashden Permissions, Privileges, and Access Controls vulnerability in Flashden Guestbook

FlashDen Guestbook allows remote attackers to obtain configuration information via a direct request to amfphp/phpinfo.php, which calls the phpinfo function.

5.0
2009-07-30 CVE-2009-2647 Kaspersky Unspecified vulnerability in Kaspersky Anti-Virus and Kaspersky Internet Security

Unspecified vulnerability in Kaspersky Anti-Virus 2010 and Kaspersky Internet Security 2010 before Critical Fix 9.0.0.463 allows remote attackers to disable the Kaspersky application via unknown attack vectors unrelated to "an external script."

5.0
2009-07-29 CVE-2009-2620 Firebirdsql Improper Input Validation vulnerability in Firebirdsql Firebird

src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before 1.5.6, 2.0 before 2.0.6, 2.1 before 2.1.3, and 2.5 before 2.5 Beta 2 allows remote attackers to cause a denial of service (daemon crash) via a malformed op_connect_request message that triggers an infinite loop or NULL pointer dereference.

5.0
2009-07-28 CVE-2009-2622 Squid Cache Improper Input Validation vulnerability in Squid-Cache Squid

Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) "missing or mismatched protocol identifier," (2) "missing or negative status value," (3) "missing version," or (4) "missing or invalid status number," related to (a) HttpMsg.cc and (b) HttpReply.cc.

5.0
2009-07-28 CVE-2009-2621 Squid Cache Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Squid-Cache Squid

Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly enforce "buffer limits and related bound checks," which allows remote attackers to cause a denial of service via (1) an incomplete request or (2) a request with a large header size, related to (a) HttpMsg.cc and (b) client_side.cc.

5.0
2009-07-27 CVE-2009-2606 Brainjar Permissions, Privileges, and Access Controls vulnerability in Brainjar ASP Football Pool 2.3

ASP Football Pool 2.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for NFL.mdb.

5.0
2009-07-27 CVE-2009-2602 R2Newsletter Permissions, Privileges, and Access Controls vulnerability in R2Newsletter products

R2 Newsletter Lite, Pro, and Stats stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for admin.mdb.

5.0
2009-07-27 CVE-2009-2600 Akiva Path Traversal vulnerability in Akiva Webboard 2.90

Multiple directory traversal vulnerabilities in view.php in Webboard 2.90 beta and earlier allow remote attackers to read arbitrary files via a ..

5.0
2009-07-31 CVE-2009-1870 Adobe Information Exposure vulnerability in Adobe Air, Flash Player and Flex

Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to obtain sensitive information via vectors involving saving an SWF file to a hard drive, related to a "local sandbox vulnerability."

4.9
2009-07-29 CVE-2009-2644 SUN Race Condition vulnerability in SUN Opensolaris and Solaris

Race condition in the Solaris Auditing subsystem in Sun Solaris 9 and 10 and OpenSolaris before snv_121, when extended file attributes are used, allows local users to cause a denial of service (panic) via vectors related to "pathnames for invalid fds."

4.9
2009-07-30 CVE-2009-2649 Freebsd Permissions, Privileges, and Access Controls vulnerability in Freebsd 6.0/8.0

The IATA (ata) driver in FreeBSD 6.0 and 8.0, when read access to /dev is available, allows local users to cause a denial of service (kernel panic) via a certain IOCTL request with a large count, which triggers a malloc call with a large value.

4.7
2009-07-27 CVE-2009-2596 SUN Local Denial Of Service vulnerability in SUN Opensolaris and Solaris

Unspecified vulnerability in the Solaris Auditing subsystem in Sun Solaris 9 and 10 and OpenSolaris before snv_121, when extended file attributes are used, allows local users to cause a denial of service (panic) via vectors related to fad_aupath structure members.

4.7
2009-07-31 CVE-2008-6885 Xoops Cross-Site Scripting vulnerability in Xoops 2.3.1/2.3.2A

Cross-site scripting (XSS) vulnerability in pmlite.php in XOOPS 2.3.1 and 2.3.2a allows remote attackers to inject arbitrary web script or HTML via a STYLE attribute in a URL BBcode tag in a private message.

4.3
2009-07-31 CVE-2009-1867 Adobe Link Following vulnerability in Adobe Air, Flash Player and Flex

Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "clickjacking vulnerability."

4.3
2009-07-30 CVE-2008-6879 Apache Cross-Site Scripting vulnerability in Apache Roller

Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.

4.3
2009-07-29 CVE-2009-0696 ISC Configuration vulnerability in ISC Bind

The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009.

4.3
2009-07-28 CVE-2009-2636 Kerio Cross-Site Scripting vulnerability in Kerio Mailserver

Cross-site scripting (XSS) vulnerability in the Integration page in the WebMail component in Kerio MailServer 6.6.0, 6.6.1, 6.6.2, and 6.7.0 allows remote attackers to inject arbitrary web script or HTML via an e-mail message.

4.3
2009-07-27 CVE-2009-2615 Datachecknh Cross-Site Scripting vulnerability in Datachecknh Sitepal 1.1

Multiple cross-site scripting (XSS) vulnerabilities in DataCheck Solutions SitePal 1.x allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) z_admin_login.asp, (2) z_forgot.asp, and possibly unspecified other components.

4.3
2009-07-27 CVE-2009-2613 Datachecknh Cross-Site Scripting vulnerability in Datachecknh Linkpal 1.0

Multiple cross-site scripting (XSS) vulnerabilities in DataCheck Solutions LinkPal 1.x allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) z_loginfailed.asp, (2) z_admin_login.asp, (3) z_forgot.asp, and possibly unspecified other components.

4.3

1 Low Vulnerability

DATE CVE VENDOR VULNERABILITY CVSS
2009-07-27 CVE-2009-2610 Drupal, Scott Courtney Cross-Site Scripting vulnerability in Scott Courtney Links Package

Cross-site scripting (XSS) vulnerability in the Links Related module in the Links Package 5.x before 5.x-1.13 and 6.x before 6.x-1.2, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via the title field.

3.5