Weekly Vulnerabilities Reports > August 3 to 9, 2009

Overview

85 new vulnerabilities were reported during this period, including 17 critical vulnerabilities and 21 high severity vulnerabilities. This weekly summary reports vulnerabilities in 66 products from 43 vendors including SUN, Apple, Mozilla, Microsoft, and Zeeways. The most common categories are "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "SQL Injection", "Cross-site Scripting", and "Improper Input Validation".

  • 76 reported vulnerabilities are remotely exploitable.
  • 21 reported vulnerabilities have a public exploit available.
  • 20 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 75 reported vulnerabilities are exploitable by an anonymous user.
  • SUN has the most reported vulnerabilities, with 14 reported vulnerabilities.
  • Mozilla has the most reported critical vulnerabilities, with 4 reported vulnerabilities.


Vulnerability Details

The following table lists the vulnerabilities reported for the period covered by this report:

17 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-08-07 CVE-2008-6916 Siemens, John DOE Improper Authentication vulnerability in multiple products

Siemens SpeedStream 5200 with NetPort Software 1.1 allows remote attackers to bypass authentication via an invalid Host header, possibly involving a trailing dot in the hostname.

10.0
2009-08-06 CVE-2009-2193 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Buffer overflow in the kernel in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted AppleTalk response packet.

10.0
2009-08-06 CVE-2009-2412 Apache Numeric Errors vulnerability in Apache Apr-Util and Portable Runtime

Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows.

10.0
2009-08-06 CVE-2008-6904 Sophos File Processing Remote Denial Of Service vulnerability in Sophos Anti-Virus and Anti-Virus7.6.3

Multiple unspecified vulnerabilities in Sophos SAVScan 4.33.0 for Linux, and possibly other products and versions, allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via crafted files that have been packed with (1) armadillo, (2) asprotect, or (3) asprotectSKE.

10.0
2009-08-05 CVE-2009-2688 Xemacs Numeric Errors vulnerability in Xemacs 21.4.22

Multiple integer overflows in glyphs-eimage.c in XEmacs 21.4.22, when running on Windows, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) the tiff_instantiate function processing a crafted TIFF file, (2) the png_instantiate function processing a crafted PNG file, and (3) the jpeg_instantiate function processing a crafted JPEG file, all which trigger a heap-based buffer overflow.

10.0
2009-08-05 CVE-2009-2675 SUN Permissions, Privileges, and Access Controls vulnerability in SUN JDK and JRE

Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to a heap-based buffer overflow during decompression.

10.0
2009-08-05 CVE-2009-2667 IBM Unspecified vulnerability in IBM Tklm 1.0

Unspecified vulnerability in IBM Tivoli Key Lifecycle Manager (TKLM) 1.0 has unknown impact and attack vectors, related to a "password security vulnerability."

10.0
2009-08-04 CVE-2009-2665 Mozilla Code Injection vulnerability in Mozilla Firefox 3.5/3.5.1/3.5.2

The nsDocument::SetScriptGlobalObject function in content/base/src/nsDocument.cpp in Mozilla Firefox 3.5.x before 3.5.2, when certain add-ons are enabled, does not properly handle a Link HTTP header, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted web page, related to an incorrect security wrapper.

10.0
2009-08-04 CVE-2009-2662 Mozilla Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mozilla Firefox

The browser engine in Mozilla Firefox 3.5.x before 3.5.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the TraceRecorder::snapshot function in js/src/jstracer.cpp, and unspecified other vectors.

10.0
2009-08-03 CVE-2009-2204 Apple Remote Code Execution vulnerability in Apple iPhone SMS Application

Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitrary code, obtain GPS coordinates, or enable the microphone via an SMS message that triggers memory corruption, as demonstrated by Charlie Miller at SyScan '09 Singapore.

10.0
2009-08-06 CVE-2009-2188 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and Safari before 4.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with crafted EXIF metadata.

9.3
2009-08-06 CVE-2009-1726 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image containing an embedded ColorSync profile.

9.3
2009-08-05 CVE-2008-6898 Saschart Buffer Errors vulnerability in Saschart Sascam Webcam Server 2.6.5

Buffer overflow in the XHTTP Module 4.1.0.0 in the ActiveX control for SaschArt SasCam Webcam Server 2.6.5 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the Get method and other unspecified methods.

9.3
2009-08-05 CVE-2008-6897 Andres Garcia Buffer Errors vulnerability in Andres Garcia Getleft 1.2

Multiple buffer overflows in Getleft.exe in Andres Garcia Getleft 1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) "a" HTML tag; a long src attribute in (2) embed, (3) img, or (4) script tags; (5) a long background attribute in a body tag; and other unspecified tags.

9.3
2009-08-04 CVE-2009-2663 Mozilla Resource Management Errors vulnerability in Mozilla Firefox

libvorbis before r16182, as used in Mozilla Firefox 3.5.x before 3.5.2 and other products, allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .ogg file.

9.3
2009-08-03 CVE-2009-2404 Mozilla, AOL, Gnome, Pidgin Buffer Errors vulnerability in Mozilla Network Security Services 3.12.3

Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.

9.3
2009-08-05 CVE-2008-6899 Freesshd Buffer Errors vulnerability in Freesshd 1.2.1

Multiple buffer overflows in freeSSHd 1.2.1 allow remote authenticated users to cause a denial of service (crash) and execute arbitrary code via a long (1) open, (2) unlink, (3) mkdir, (4) rmdir, or (5) stat SFTP command.

9.0

21 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-08-07 CVE-2009-2411 Subversion Numeric Errors vulnerability in Subversion

Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412.

8.5
2009-08-06 CVE-2009-2190 Apple Resource Management Errors vulnerability in Apple mac OS X and mac OS X Server

launchd in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to cause a denial of service (individual service outage) by making many connections to an inetd-based launchd service.

7.8
2009-08-05 CVE-2009-2668 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer 6/7

Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through 7.0.6000.16473 allows remote attackers to cause a denial of service (CPU consumption) via an XML document composed of a long series of start-tags with no corresponding end-tags, a related issue to CVE-2009-1232.

7.8
2009-08-03 CVE-2008-6895 3CX Unspecified vulnerability in 3CX Phone System 6.0.806.0

3CX Phone System 6.0.806.0 allows remote attackers to cause a denial of service (unstable service or crash) via unspecified vectors, as demonstrated by vulnerability scans from Nessus or SAINT.

7.8
2009-08-07 CVE-2009-0669 Zope Improper Authentication vulnerability in Zope Zodb 3.8/3.8.0

Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol.

7.5
2009-08-07 CVE-2008-6917 Exoscripts SQL Injection vulnerability in Exoscripts Exophpdesk 1.2

SQL injection vulnerability in admin.php in Exocrew ExoPHPDesk 1.2 Final allows remote attackers to execute arbitrary SQL commands via the username (user parameter).

7.5
2009-08-07 CVE-2008-6912 Zeeways Improper Authentication vulnerability in Zeeways Shaadiclone 2.0

Zeeways SHAADICLONE 2.0 allows remote attackers to bypass authentication and gain administrative privileges via a direct request to admin/home.php.

7.5
2009-08-06 CVE-2008-6910 Drupal, Marc Ingram Cryptographic Issues vulnerability in Marc Ingram Services

Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not use timeouts for signed requests, which allows remote attackers to impersonate other users and gain privileges via a replay attack that sends the same request.

7.5
2009-08-06 CVE-2008-6908 Marc Ingram, Drupal Cryptographic Issues vulnerability in Marc Ingram Services

Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, uses an insecure hash when signing requests, which allows remote attackers to impersonate other users and gain privileges.

7.5
2009-08-06 CVE-2009-2192 Apple Credentials Management vulnerability in Apple mac OS X and mac OS X Server

MobileMe in Apple Mac OS X 10.5 before 10.5.8 does not properly delete credentials upon signout from the preference pane, which makes it easier for attackers to hijack a MobileMe session via unspecified vectors, related to a "logic issue."

7.5
2009-08-06 CVE-2009-2191 Apple Use of Externally-Controlled Format String vulnerability in Apple mac OS X and mac OS X Server

Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in an application name.

7.5
2009-08-05 CVE-2009-2674 SUN Permissions, Privileges, and Access Controls vulnerability in SUN JDK and JRE

Integer overflow in javaws.exe in Sun Java Web Start in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 allows context-dependent attackers to execute arbitrary code via a crafted JPEG image that is not properly handled during display to a splash screen, which triggers a heap-based buffer overflow.

7.5
2009-08-05 CVE-2009-2673 SUN Permissions, Privileges, and Access Controls vulnerability in SUN JDK and JRE

The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword.

7.5
2009-08-05 CVE-2009-2672 SUN Permissions, Privileges, and Access Controls vulnerability in SUN JDK and JRE

The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions via unspecified vectors.

7.5
2009-08-04 CVE-2009-2658 ZNC Path Traversal vulnerability in ZNC

Directory traversal vulnerability in ZNC before 0.072 allows remote attackers to overwrite arbitrary files via a crafted DCC SEND request.

7.5
2009-08-03 CVE-2008-6892 Peel SQL Injection vulnerability in Peel 3.1

SQL injection vulnerability in lire/index.php in Peel 3.1 allows remote attackers to execute arbitrary SQL commands via the rubid parameter.

7.5
2009-08-03 CVE-2008-6890 Codetoad SQL Injection vulnerability in Codetoad ASP Forum Script

SQL injection vulnerability in messages.asp in ASP Forum Script allows remote attackers to execute arbitrary SQL commands via the message_id parameter.

7.5
2009-08-03 CVE-2008-6889 Activewebsoftwares SQL Injection vulnerability in Activewebsoftwares Aspreferral 5.3

SQL injection vulnerability in Merchantsadd.asp in ASPReferral 5.3 allows remote attackers to execute arbitrary SQL commands via the AccountID parameter.

7.5
2009-08-03 CVE-2008-6887 Preprojects SQL Injection vulnerability in Preprojects PRE Classified Listings 1.0

SQL injection vulnerability in detailad.asp in Pre Classified Listings 1.0 allows remote attackers to execute arbitrary SQL commands via the siteid parameter.

7.5
2009-08-06 CVE-2009-0151 Apple Multiple Security vulnerability in Apple Mac OS X 2009-003

The screen saver in Dock in Apple Mac OS X 10.5 before 10.5.8 does not prevent four-finger Multi-Touch gestures, which allows physically proximate attackers to bypass locking and "manage applications or use Expose" via unspecified vectors.

7.2
2009-08-05 CVE-2009-2669 IBM Permissions, Privileges, and Access Controls vulnerability in IBM AIX 5.3/6.1

A certain debugging component in IBM AIX 5.3 and 6.1 does not properly handle the (1) _LIB_INIT_DBG and (2) _LIB_INIT_DBG_FILE environment variables, which allows local users to gain privileges by leveraging a setuid-root program to create an arbitrary root-owned file with world-writable permissions, related to libC.a (aka the XL C++ runtime library) in AIX 5.3 and libc.a in AIX 6.1.

7.2

46 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-08-06 CVE-2008-6911 Brewblogger SQL Injection vulnerability in Brewblogger 2.1.0.1

SQL injection vulnerability in the authenticateUser function in includes/authentication.inc.php in BrewBlogger (BB) 2.1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the loginUsername parameter to includes/logincheck.inc.php.

6.8
2009-08-06 CVE-2008-6907 2532Gigs SQL Injection vulnerability in 2532Gigs 1.2.2

Multiple SQL injection vulnerabilities in checkuser.php in 2532designs 2532|Gigs 1.2.2 Stable, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, as accessible from a form generated by index.php.

6.8
2009-08-06 CVE-2009-1728 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Stack-based buffer overflow in Image RAW in Apple Mac OS X 10.5 before 10.5.8, and 10.4 before Digital Camera RAW Compatibility Update 2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image.

6.8
2009-08-06 CVE-2009-1727 Apple Multiple Security vulnerability in Apple Mac OS X 2009-003

Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X 10.5 before 10.5.8 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari.

6.8
2009-08-06 CVE-2008-6902 2532Gigs Code Injection vulnerability in 2532Gigs 1.2.2

Unrestricted file upload vulnerability in upload_flyer.php in 2532designs 2532|Gigs 1.2.2 Stable allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in flyers/.

6.8
2009-08-05 CVE-2009-2676 SUN Unspecified vulnerability in SUN products

Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE 1.4.2_21 and earlier; allows remote attackers to create or modify arbitrary files via vectors involving an untrusted Java applet that accesses an old version of JNLPAppletLauncher.

6.8
2009-08-04 CVE-2009-2660 JUN Furuse Numeric Errors vulnerability in JUN Furuse Camlimages 2.2

Multiple integer overflows in CamlImages 2.2 might allow context-dependent attackers to execute arbitrary code via images containing large width and height values that trigger a heap-based buffer overflow, related to (1) crafted GIF files (gifread.c) and (2) crafted JPEG files (jpegread.c), a different vulnerability than CVE-2009-2295.

6.8
2009-08-03 CVE-2009-2652 SUN Remote Denial of Service vulnerability in SUN Opensolaris and Solaris

Unspecified vulnerability in Solaris Trusted Extensions in Sun Solaris 10, and OpenSolaris snv_37 through snv_120, allows remote attackers to cause a denial of service (panic) via vectors involving the parsing of labeled packets.

6.8
2009-08-07 CVE-2009-0668 Zope Code Injection vulnerability in Zope Zodb

Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol.

6.5
2009-08-07 CVE-2008-6914 Zeeways Permissions, Privileges, and Access Controls vulnerability in Zeeways Zeeproperty 1.0

Unrestricted file upload vulnerability in viewprofile.php in Zeeways ZEEPROPERTY 1.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a photo in a profile modification, then accessing a related file via a direct request to the file in companylogo/.

6.5
2009-08-07 CVE-2008-6913 Zeeways Improper Input Validation vulnerability in Zeeways Zeejobsite 2.0

Unrestricted file upload vulnerability in editresume_next.php in Zeeways ZEEJOBSITE 2.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a photo in a profile edit action, then accessing the file via a direct request to jobseekers/logos/.

6.5
2009-08-06 CVE-2008-6909 Marc Ingram, Drupal Cryptographic Issues vulnerability in Marc Ingram Services

Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not sign all required data in requests, which has unspecified impact, probably related to man-in-the-middle attacks that modify critical data and allow remote attackers to impersonate other users and gain privileges.

6.5
2009-08-06 CVE-2008-6900 Availscript Code Injection vulnerability in Availscript Article Script

Unrestricted file upload vulnerability in "Add Pen/Author Name" feature in addpen.php in AvailScript Article Script allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in photos/.

6.5
2009-08-05 CVE-2009-2579 CS Cart SQL Injection vulnerability in Cs-Cart

SQL injection vulnerability in reward_points.post.php in the Reward points addon in CS-Cart before 2.0.6 allows remote authenticated users to execute arbitrary SQL commands via the sort_order parameter in a reward_points.userlog action to index.php, a different vulnerability than CVE-2005-4429.2.

6.5
2009-08-07 CVE-2009-2666 Fetchmail Cryptographic Issues vulnerability in Fetchmail

socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

6.4
2009-08-06 CVE-2008-6905 Babbleboard Cross-Site Request Forgery (CSRF) vulnerability in Babbleboard 1.1.6

Cross-site request forgery (CSRF) vulnerability in index.php in BabbleBoard 1.1.6 allows remote authenticated users to hijack the authentication of administrators for requests that delete (1) categories or (2) groups; (3) ban users; or (4) delete users via the admin page.

6.0
2009-08-03 CVE-2009-2654 Mozilla Improper Input Validation vulnerability in Mozilla Firefox

Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to spoof the address bar, and possibly conduct phishing attacks, via a crafted web page that calls window.open with an invalid character in the URL, makes document.write calls to the resulting object, and then calls the stop method during the loading of the error page.

5.8
2009-08-06 CVE-2008-6901 2532Gigs Path Traversal vulnerability in 2532Gigs 1.2.2

Multiple directory traversal vulnerabilities in 2532designs 2532|Gigs 1.2.2 Stable, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a ..

5.1
2009-08-06 CVE-2009-2625 SUN Permissions, Privileges, and Access Controls vulnerability in SUN JDK and JRE

XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.

5.0
2009-08-05 CVE-2009-2671 SUN Privilege Escalation vulnerability in SUN JDK and JRE

The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors.

5.0
2009-08-05 CVE-2009-2670 SUN Permissions, Privileges, and Access Controls vulnerability in SUN JDK and JRE

The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties.

5.0
2009-08-04 CVE-2009-2664 Mozilla Resource Management Errors vulnerability in Mozilla Firefox

The js_watch_set function in js/src/jsdbgapi.cpp in the JavaScript engine in Mozilla Firefox before 3.0.12 allows remote attackers to cause a denial of service (assertion failure and application exit) or possibly execute arbitrary code via a crafted .js file, related to a "memory safety bug." NOTE: this was originally reported as affecting versions before 3.0.13.

5.0
2009-08-04 CVE-2009-2661 Strongswan Cryptographic Issues vulnerability in Strongswan

The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before 4.2.17, and 4.3 before 4.3.3 does not properly handle X.509 certificates with crafted Relative Distinguished Names (RDNs), which allows remote attackers to cause a denial of service (pluto IKE daemon crash) via malformed ASN.1 data.

5.0
2009-08-04 CVE-2009-2659 Django Project Path Traversal vulnerability in Django Project Django 0.96/1.0

The Admin media handler in core/servers/basehttp.py in Django 1.0 and 0.96 does not properly map URL requests to expected "static media files," which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a crafted URL.

5.0
2009-08-04 CVE-2009-2470 Mozilla Improper Input Validation vulnerability in Mozilla Firefox

Mozilla Firefox before 3.0.12, and 3.5.x before 3.5.2, allows remote SOCKS5 proxy servers to cause a denial of service (data stream corruption) via a long domain name in a reply.

5.0
2009-08-03 CVE-2009-2656 Google Remote Denial Of Service vulnerability in Google Android 1.0/1.1/1.5

Unspecified vulnerability in the com.android.phone process in Android 1.0, 1.1, and 1.5 allows remote attackers to cause a denial of service (network disconnection) via a crafted SMS message, as demonstrated by Collin Mulliner and Charlie Miller at Black Hat USA 2009.

5.0
2009-08-03 CVE-2008-6896 3CX Information Exposure vulnerability in 3CX Phone System 6.0.806.0

login.php in 3CX Phone System 6.0.806.0, when 100% disk capacity is reached, allows remote attackers to gain sensitive information via unspecified vectors that reveal the installation path.

5.0
2009-08-03 CVE-2008-6886 RSA Permissions, Privileges, and Access Controls vulnerability in RSA Envision

RSA EnVision 3.5.0, 3.5.1, 3.5.2, and 3.7.0 does not properly restrict access to unspecified user profile functionality, which allows remote attackers to obtain the administrator password hash and conduct brute force guessing attacks.

5.0
2009-08-07 CVE-2009-2715 SUN Improper Input Validation vulnerability in SUN Virtualbox 2.2/3.0.2

Sun VirtualBox 2.2 through 3.0.2 r49928 allows guest OS users to cause a denial of service (Linux host OS reboot) via a sysenter instruction.

4.9
2009-08-07 CVE-2009-2714 SUN Local Denial Of Service vulnerability in SUN Virtualbox 3.0.0/3.0.2

Unspecified vulnerability in Sun VirtualBox 3.0.0 and 3.0.2 allows guest OS users to cause a denial of service (host OS reboot) via unknown vectors.

4.9
2009-08-07 CVE-2009-2711 SUN, X ORG Information Exposure vulnerability in multiple products

XScreenSaver in Sun Solaris 9 and 10, OpenSolaris before snv_120, and X11 6.4.1 for Solaris 8, when the Xorg or Xnewt server is used, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, a different vulnerability than CVE-2009-1276.

4.9
2009-08-06 CVE-2009-2194 Apple Multiple Security vulnerability in Apple Mac OS X 2009-003

Apple Mac OS X 10.5 before 10.5.8 does not properly share file descriptors over local sockets, which allows local users to cause a denial of service (system crash) by placing file descriptors in messages sent to a socket that has no receiver, related to a "synchronization issue."

4.9
2009-08-04 CVE-2009-2657 Nilf Permissions, Privileges, and Access Controls vulnerability in Nilf Nilfs

nilfs-utils before 2.0.14 installs multiple programs with unnecessary setuid privileges, which allows local users to execute arbitrary commands via the device string in a -c command line option to mkfs.nilfs2.

4.6
2009-08-03 CVE-2009-2653 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Windows Server 2003 and Windows XP

** DISPUTED ** The NtUserConsoleControl function in win32k.sys in Microsoft Windows XP SP2 and SP3, and Server 2003 before SP1, allows local administrators to bypass unspecified "security software" and gain privileges via a crafted call that triggers an overwrite of an arbitrary memory location.

4.6
2009-08-07 CVE-2009-2713 SUN Information Disclosure vulnerability in SUN Java System Access Manager and Java System web Server

The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that "policy advice" is presented to the correct client, which allows remote attackers to obtain sensitive information via unspecified vectors.

4.3
2009-08-07 CVE-2008-6915 Zeeways Cross-Site Scripting vulnerability in Zeeways Zeeproperty 1.0

Cross-site scripting (XSS) vulnerability in view_prop_details.php in Zeeways ZEEPROPERTY 1.0 allows remote attackers to inject arbitrary web script or HTML via the propid parameter.

4.3
2009-08-06 CVE-2008-6906 Babbleboard Cross-Site Scripting vulnerability in Babbleboard 1.1.6

Cross-site scripting (XSS) vulnerability in index.php in BabbleBoard 1.1.6 allows remote attackers to inject arbitrary web script or HTML via the username.

4.3
2009-08-06 CVE-2009-1723 Apple Multiple Security vulnerability in Apple Mac OS X 2009-003

CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL in a certificate warning in certain 302 redirection scenarios, which makes it easier for remote attackers to trick a user into visiting an arbitrary https web site by leveraging an open redirect vulnerability, a different issue than CVE-2009-2062.

4.3
2009-08-06 CVE-2008-6903 Sophos Resource Management Errors vulnerability in Sophos Anti-Virus and Anti-Virus7.6.3

Sophos Anti-Virus for Windows before 7.6.3, Anti-Virus for Windows NT/9x before 4.7.18, Anti-Virus for OS X before 4.9.18, Anti-Virus for Linux before 6.4.5, Anti-Virus for UNIX before 7.0.5, Anti-Virus for Unix and Netware before 4.37.0, Sophos EM Library, and Sophos small business solutions, when CAB archive scanning is enabled, allows remote attackers to cause a denial of service (segmentation fault) via a "fuzzed" CAB archive file, as demonstrated by the OUSPG PROTOS GENOME test suite for Archive Formats.

4.3
2009-08-05 CVE-2009-2687 PHP Improper Input Validation vulnerability in PHP 5.2.10

The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353.

4.3
2009-08-04 CVE-2009-2198 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Garageband

Apple GarageBand before 5.1 reconfigures Safari to accept all cookies regardless of domain name, which makes it easier for remote web servers to track users.

4.3
2009-08-03 CVE-2008-6894 3CX Cross-Site Scripting vulnerability in 3CX Phone System 6.0.806.0/6.1793

Multiple cross-site scripting (XSS) vulnerabilities in login.php in 3CX Phone System Free Edition 6.1793 and 6.0.806.0 allow remote attackers to inject arbitrary web script or HTML via the (1) fName and (2) fPassword parameters.

4.3
2009-08-03 CVE-2008-6893 Microsoft, ALT N Cross-Site Scripting vulnerability in Alt-N Worldclient 10.0.2

Cross-site scripting (XSS) vulnerability in Alt-N MDaemon WorldClient 10.0.2, when Internet Explorer 7 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted img tag.

4.3
2009-08-03 CVE-2009-2655 Microsoft Improper Input Validation vulnerability in Microsoft Internet Explorer 7/8

mshtml.dll in Microsoft Internet Explorer 7 and 8 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) by calling the JavaScript findText method with a crafted Unicode string in the first argument, and only one additional argument, as demonstrated by a second argument of -1.

4.3
2009-08-03 CVE-2008-6891 Codetoad Cross-Site Scripting vulnerability in Codetoad ASP Forum Script

Multiple cross-site scripting (XSS) vulnerabilities in ASP Forum Script allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id parameter to (a) new_message.asp and (b) messages.asp, and the (2) query string to default.asp.

4.3
2009-08-03 CVE-2008-6888 Preprojects Cross-Site Scripting vulnerability in Preprojects PRE Classified Listings 1.0

Cross-site scripting (XSS) vulnerability in signup.asp in Pre Classified Listings 1.0 allows remote attackers to inject arbitrary web script or HTML via the address parameter.

4.3

1 Low Vulnerability

DATE CVE VENDOR VULNERABILITY CVSS
2009-08-07 CVE-2009-2712 SUN Permissions, Privileges, and Access Controls vulnerability in SUN products

Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug flag, allows local users to discover cleartext passwords by reading debug files.

2.1