Weekly Vulnerabilities Reports > August 10 to 16, 2009

Overview

139 new vulnerabilities were reported during this period, including 31 critical vulnerabilities and 47 high severity vulnerabilities. This weekly summary reports vulnerabilities in 127 products from 77 vendors including Microsoft, SUN, IBM, Linux, and Apple. Notable vulnerability categories include "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "SQL Injection", "Cross-site Scripting", and "Code Injection".

  • 128 reported vulnerabilities are remotely exploitable.
  • 63 reported vulnerabilities have a public exploit available.
  • 38 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 119 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 19 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 12 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:

31 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-08-14 CVE-2009-1048 Snom Improper Authentication vulnerability in Snom products

The web interface on the snom VoIP phones snom 300, snom 320, snom 360, snom 370, and snom 820 with firmware 6.5 before 6.5.20, 7.1 before 7.1.39, and 7.3 before 7.3.14 allows remote attackers to bypass authentication, and reconfigure the phone or make arbitrary use of the phone, via a (1) http or (2) https request with 127.0.0.1 in the Host header.

10.0
2009-08-13 CVE-2008-6973 IBM Unspecified vulnerability in IBM Websphere Commerce

Multiple unspecified vulnerabilities in IBM WebSphere Commerce 6.0 before 6.0.0.7 have unknown impact and attack vectors.

10.0
2009-08-12 CVE-2009-2494 Microsoft Code Injection vulnerability in Microsoft products

The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via vectors related to erroneous free operations after reading a variant from a stream and deleting this variant, aka "ATL Object Type Mismatch Vulnerability."

10.0
2009-08-12 CVE-2009-1930 Microsoft Credentials Management vulnerability in Microsoft products

The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote Telnet servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, aka "Telnet Credential Reflection Vulnerability," a related issue to CVE-2000-0834.

10.0
2009-08-11 CVE-2008-6937 Jabber Code Injection vulnerability in Jabber Exodus 0.10

Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in an xmpp:// URI, a different vector than CVE-2008-6935 and CVE-2008-6936.

10.0
2009-08-11 CVE-2008-6935 JOE Fuhrman Code Injection vulnerability in JOE Fuhrman Exodus 0.10

Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in an im:// URI.

10.0
2009-08-10 CVE-2009-2723 SUN Unspecified vulnerability in SUN Java SE

Unspecified vulnerability in deserialization in the Provider class in Sun Java SE 5.0 before Update 20 has unknown impact and attack vectors, aka BugId 6444262.

10.0
2009-08-10 CVE-2009-2722 SUN Unspecified vulnerability in SUN Java SE

Multiple unspecified vulnerabilities in the Provider class in Sun Java SE 5.0 before Update 20 have unknown impact and attack vectors, aka BugId 6429594.

10.0
2009-08-10 CVE-2009-2721 SUN Unspecified vulnerability in SUN Java SE

Multiple unspecified vulnerabilities in the Provider class in Sun Java SE 5.0 before Update 20 have unknown impact and attack vectors, aka BugId 6406003.

10.0
2009-08-10 CVE-2009-2689 SUN Permissions, Privileges, and Access Controls vulnerability in SUN Java SE and Openjdk

JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, grants full privileges to instances of unspecified object types, which allows context-dependent attackers to bypass intended access restrictions via an untrusted (1) applet or (2) application.

10.0
2009-08-10 CVE-2009-2476 SUN Permissions, Privileges, and Access Controls vulnerability in SUN Java SE and Openjdk

The Java Management Extensions (JMX) implementation in Sun Java SE 6 before Update 15, and OpenJDK, does not properly enforce OpenType checks, which allows context-dependent attackers to bypass intended access restrictions by leveraging finalizer resurrection to obtain a reference to a privileged object.

10.0
2009-08-10 CVE-2009-2415 Memcachedb Numeric Errors vulnerability in Memcachedb Memcached 1.1.12/1.2.2

Multiple integer overflows in memcached 1.1.12 and 1.2.2 allow remote attackers to execute arbitrary code via vectors involving length attributes that trigger heap-based buffer overflows.

10.0
2009-08-10 CVE-2009-2026 CA Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in CA products

Stack-based buffer overflow in a token searching function in the dtscore library in Data Transport Services in CA Software Delivery r11.2 C1, C2, C3, and SP4; Unicenter Software Delivery 4.0 C3; CA Advantage Data Transport 3.0 C1; and CA IT Client Manager r12 allows remote attackers to execute arbitrary code via crafted data.

10.0
2009-08-10 CVE-2009-1896 Fedoraproject / SUN Permissions, Privileges, and Access Controls vulnerability in SUN Openjdk

The Java Web Start framework in IcedTea in OpenJDK before 1.6.0.0-20.b16.fc10 on Fedora 10, and before 1.6.0.0-27.b16.fc11 on Fedora 11, trusts an entire application when at least one of the listed jar files is trusted, which allows context-dependent attackers to execute arbitrary code without the untrusted-code restrictions via a crafted application, related to NetX.

10.0
2009-08-12 CVE-2009-2195 Apple / Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari

Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted floating-point numbers.

9.3
2009-08-12 CVE-2009-2496 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Heap-based buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 allows remote attackers to execute arbitrary code via unspecified parameters to unknown methods, aka "Office Web Components Heap Corruption Vulnerability."

9.3
2009-08-12 CVE-2009-1929 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Heap-based buffer overflow in the Microsoft Terminal Services Client ActiveX control running RDP 6.1 on Windows XP SP2, Vista SP1 or SP2, or Server 2008 Gold or SP2; or 5.2 or 6.1 on Windows XP SP3; allows remote attackers to execute arbitrary code via unspecified parameters to unknown methods, aka "Remote Desktop Connection ActiveX Control Heap Overflow Vulnerability."

9.3
2009-08-12 CVE-2009-1924 Microsoft Numeric Errors vulnerability in Microsoft Windows 2000 and Windows 2003 Server

Integer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 allows remote WINS replication partners to execute arbitrary code via crafted data structures in a packet, aka "WINS Integer Overflow Vulnerability."

9.3
2009-08-12 CVE-2009-1923 Microsoft Buffer Errors vulnerability in Microsoft Windows 2000 and Windows 2003 Server

Heap-based buffer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted WINS replication packet that triggers an incorrect buffer-length calculation, aka "WINS Heap Overflow Vulnerability."

9.3
2009-08-12 CVE-2009-1545 Microsoft Code Injection vulnerability in Microsoft products

Unspecified vulnerability in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed header in a crafted AVI file, aka "Malformed AVI Header Vulnerability."

9.3
2009-08-12 CVE-2009-1534 Microsoft Buffer Errors vulnerability in Microsoft ISA Server, Office and Office web Components

Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka "Office Web Components Buffer Overflow Vulnerability."

9.3
2009-08-12 CVE-2009-1133 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Heap-based buffer overflow in Microsoft Remote Desktop Connection (formerly Terminal Services Client) running RDP 5.0 through 6.1 on Windows, and Remote Desktop Connection Client for Mac 2.0, allows remote attackers to execute arbitrary code via unspecified parameters, aka "Remote Desktop Connection Heap Overflow Vulnerability."

9.3
2009-08-12 CVE-2009-0562 Microsoft Resource Management Errors vulnerability in Microsoft ISA Server, Office and Office web Components

The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 does not properly allocate memory, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger "system state" corruption, aka "Office Web Components Memory Allocation Vulnerability."

9.3
2009-08-12 CVE-2008-6959 Chilkatsoft Unspecified vulnerability in Chilkatsoft Chilkat Socket

Insecure method vulnerability in the Chilkat Socket ActiveX control (ChilkatSocket.ChilkatSocket.1) in ChilkatSocket.dll 2.3.1.1 allows remote attackers to overwrite arbitrary files via the SaveLastError method.

9.3
2009-08-12 CVE-2008-6953 Oovoo Buffer Errors vulnerability in Oovoo 1.7.1.35

Buffer overflow in oovoo.exe in ooVoo 1.7.1.35, and possibly other versions before 1.7.1.59, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long oovoo: URI.

9.3
2009-08-11 CVE-2008-6936 Jabber Code Injection vulnerability in Jabber Exodus 0.10

Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in a pres:// URI, a different vector than CVE-2008-6935.

9.3
2009-08-10 CVE-2009-2727 IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM AIX

Stack-based buffer overflow in the _tt_internal_realpath function in the ToolTalk library (libtt.a) in IBM AIX 5.2.0, 5.3.0, 5.3.7 through 5.3.10, and 6.1.0 through 6.1.3, when the rpc.ttdbserver daemon is enabled in /etc/inetd.conf, allows remote attackers to execute arbitrary code via a long XDR-encoded ASCII string to remote procedure 15.

9.3
2009-08-10 CVE-2009-2724 SUN Race Condition vulnerability in SUN Java SE

Race condition in the java.lang package in Sun Java SE 5.0 before Update 20 has unknown impact and attack vectors, related to a "3Y Race condition in reflection checks."

9.3
2009-08-10 CVE-2008-6922 Youngzsoft Buffer Errors vulnerability in Youngzsoft Cmailserver 5.4.6

Multiple stack-based buffer overflows in CMailCOM.dll in CMailServer 5.4.6 allow remote attackers to execute arbitrary code via a long argument to the (1) CreateUserPath, (2) Logout, (3) DeleteMailByUID, (4) MoveToInbox, (5) MoveToFolder, (6) DeleteMailEx, (7) GetMailDataEx, (8) SetReplySign, (9) SetForwardSign, and (10) SetReadSign methods, which are not properly handled by (a) the POP3 Class ActiveX control (CMailCom.POP3); or a long argument to the (11) AddAttach, (12) SetSubject, (13) SetBcc, (14) SetBody, (15) SetCc, (16) SetFrom, (17) SetTo, and (18) SetFromUID methods, which are not properly handled by the Class ActiveX control (CMailCOM.SMTP), as demonstrated via the indexOfMail parameter to mwmail.asp.

9.3
2009-08-12 CVE-2009-1544 Microsoft Resource Management Errors vulnerability in Microsoft products

Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold, SP1, or SP2 or Server 2008 Gold or SP2 system, aka "Workstation Service Memory Corruption Vulnerability."

9.0
2009-08-12 CVE-2008-6954 Michael Dehaan Permissions, Privileges, and Access Controls vulnerability in Michael Dehaan Cobbler

The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules.

9.0

47 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-08-12 CVE-2009-1546 Microsoft Numeric Errors vulnerability in Microsoft products

Integer overflow in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows allows remote attackers to execute arbitrary code on a Windows 2000 SP4 system via a crafted AVI file, or cause a denial of service on a Windows XP SP2 or SP3, Server 2003 SP2, Vista Gold, SP1, or SP2, or Server 2008 Gold or SP2 system via a crafted AVI file, aka "AVI Integer Overflow Vulnerability."

8.5
2009-08-14 CVE-2009-2765 DD WRT Improper Input Validation vulnerability in Dd-Wrt

httpd.c in httpd in the management GUI in DD-WRT 24 sp1, and other versions before build 12533, allows remote attackers to execute arbitrary commands via shell metacharacters in a request to a cgi-bin/ URI.

8.3
2009-08-12 CVE-2009-2726 Asterisk Resource Management Errors vulnerability in Asterisk products

The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote attackers to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASCII decimal characters, as demonstrated via vectors related to (1) the CSeq value in a SIP header, (2) large Content-Length value, and (3) SDP.

7.8
2009-08-11 CVE-2009-0687 Midnightbsd / Mirbsd / Netbsd / Openbsd Resource Management Errors vulnerability in multiple products

The pf_test_rule function in OpenBSD Packet Filter (PF), as used in OpenBSD 4.2 through 4.5, NetBSD 5.0 before RC3, MirOS 10 and earlier, and MidnightBSD 0.3-current allows remote attackers to cause a denial of service (panic) via crafted IP packets that trigger a NULL pointer dereference during translation, related to an IPv4 packet with an ICMPv6 payload.

7.8
2009-08-10 CVE-2009-2475 SUN Information Exposure vulnerability in SUN Java SE and Openjdk

Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent attackers to obtain sensitive information via vectors involving static variables that are declared without the final keyword, related to (1) LayoutQueue, (2) Cursor.predefined, (3) AccessibleResourceBundle.getContents, (4) ImageReaderSpi.STANDARD_INPUT_TYPE, (5) ImageWriterSpi.STANDARD_OUTPUT_TYPE, (6) the imageio plugins, (7) DnsContext.debug, (8) RmfFileReader/StandardMidiFileWriter.types, (9) AbstractSaslImpl.logger, (10) Synth.Region.uiToRegionMap/lowerCaseNameMap, (11) the Introspector class and a cache of BeanInfo, and (12) JAX-WS, a different vulnerability than CVE-2009-2673.

7.8
2009-08-14 CVE-2009-2777 Garagesalesjunkie SQL Injection vulnerability in Garagesalesjunkie Garagesales Script

SQL injection vulnerability in visitor/view.php in GarageSales Script allows remote attackers to execute arbitrary SQL commands via the key parameter.

7.5
2009-08-14 CVE-2009-2776 Sellatsite COM SQL Injection vulnerability in Sellatsite.Com Smart ASP Survey

SQL injection vulnerability in showresult.asp in Smart ASP Survey allows remote attackers to execute arbitrary SQL commands via the catid parameter.

7.5
2009-08-14 CVE-2009-2775 Phparcadescript SQL Injection vulnerability in PHParcadescript 4.0

SQL injection vulnerability in linkout.php in PHPArcadeScript (PHP Arcade Script) 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2009-08-14 CVE-2009-2774 PHP Paid4Mail SQL Injection vulnerability in PHP-Paid4Mail

SQL injection vulnerability in paidbanner.php in PHP Paid 4 Mail Script allows remote attackers to execute arbitrary SQL commands via the ID parameter.

7.5
2009-08-14 CVE-2009-2773 Shop 020 Code Injection vulnerability in Shop-020 PHP Paid 4 Mail Script

PHP remote file inclusion vulnerability in home.php in PHP Paid 4 Mail Script allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

7.5
2009-08-14 CVE-2009-2770 Powerupload Permissions, Privileges, and Access Controls vulnerability in Powerupload 2.4

PowerUpload 2.4 allows remote attackers to bypass authentication and gain administrative access via a MIME encoded value of admin for the myadminname cookie.

7.5
2009-08-14 CVE-2009-2766 DD WRT Permissions, Privileges, and Access Controls vulnerability in Dd-Wrt 24

httpd.c in httpd in the management GUI in DD-WRT 24 sp1 does not require administrative authentication for programs under cgi-bin/, which allows remote attackers to change settings via HTTP requests.

7.5
2009-08-14 CVE-2009-2417 Curl / Libcurl Cryptographic Issues vulnerability in multiple products

lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

7.5
2009-08-13 CVE-2009-2092 IBM Improper Access Control vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 does not properly read the portletServingEnabled parameter in ibm-portlet-ext.xmi, which allows remote attackers to bypass intended access restrictions via unknown vectors.

7.5
2009-08-13 CVE-2009-2088 IBM Improper Authentication vulnerability in IBM Websphere Application Server

The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when SPNEGO Single Sign-on (SSO) and disableSecurityPreInvokeOnFilters are configured, allows remote attackers to bypass authentication via a request for a "secure URL," related to a certain invokefilterscompatibility property.

7.5
2009-08-13 CVE-2009-2085 IBM Improper Authentication vulnerability in IBM Websphere Application Server

The Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5 does not properly handle use of Identity Assertion with CSIv2 Security, which allows remote attackers to bypass intended CSIv2 access restrictions via vectors involving Enterprise JavaBeans (EJB).

7.5
2009-08-13 CVE-2009-2762 Wordpress Credentials Management vulnerability in Wordpress

wp-login.php in WordPress 2.8.3 and earlier allows remote attackers to force a password reset for the first user in the database, possibly the administrator, via a key[] array variable in a resetpass (aka rp) action, which bypasses a check that assumes that $key is not an array.

7.5
2009-08-13 CVE-2008-6971 Simplemachines Credentials Management vulnerability in Simplemachines SMF

The password reset functionality in Simple Machines Forum (SMF) 1.0.x before 1.0.14, 1.1.x before 1.1.6, and 2.0 before 2.0 beta 4 includes clues about the random number generator state within a hidden form field and generates predictable validation codes, which allows remote attackers to modify passwords of other users and gain privileges.

7.5
2009-08-13 CVE-2008-6970 Ubbcentral SQL Injection vulnerability in Ubbcentral Ubb.Threads

SQL injection vulnerability in dosearch.inc.php in UBB.threads 7.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the Forum[] array parameter.

7.5
2009-08-13 CVE-2008-6968 Pligg SQL Injection vulnerability in Pligg CMS 9.9.5

Multiple SQL injection vulnerabilities in submit.php in Pligg CMS 9.9.5 allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) id parameters.

7.5
2009-08-13 CVE-2008-6966 AJ Square Permissions, Privileges, and Access Controls vulnerability in AJ Square AJ Auction 1.0

AJ Square AJ Auction Pro Platinum Skin #1 sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass authentication via a direct request to admin/user.php.

7.5
2009-08-13 CVE-2008-6965 AJ Square Improper Authentication vulnerability in AJ Square AJ Auction 1.0/2.0/Web2.0

AJ Square AJ Auction OOPD, Pro Platinum Skin #1, Pro Platinum Skin #2, and Web 2.0 send a redirect but do not exit when certain scripts are called directly, which allows remote attackers to bypass authentication via a direct request to (1) site.php, (2) auction.php, (3) mail.php, (4) fee_setting.php, (5) earnings.php, (6) insertion_fee_settings.php, (7) custom_category.php, (8) subcategory.php, (9) category.php, (10) report.php, (11) store_manager.php, and (12) choose_sell_format.php in admin/, and possibly other vectors.

7.5
2009-08-13 CVE-2008-6964 X7 Group SQL Injection vulnerability in X7 Group X7 Chat 2.0.5

SQL injection vulnerability in the login page in X7 Chat 2.0.5 allows remote attackers to execute arbitrary SQL commands via the password field.

7.5
2009-08-13 CVE-2008-6963 Turnkeyforms Permissions, Privileges, and Access Controls vulnerability in Turnkeyforms Text Link Sales

admin.php in TurnkeyForms Text Link Sales allows remote attackers to bypass authentication and gain administrative privileges via a direct request.

7.5
2009-08-12 CVE-2009-2730 GNU Cryptographic Issues vulnerability in GNU Gnutls

libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

7.5
2009-08-12 CVE-2008-6957 Discuz Permissions, Privileges, and Access Controls vulnerability in Discuz Discuz!

member.php in Crossday Discuz! Board allows remote attackers to reset passwords of arbitrary users via crafted (1) lostpasswd and (2) getpasswd actions, possibly involving predictable generation of the id parameter.

7.5
2009-08-12 CVE-2008-6955 Infireal Information Exposure vulnerability in Infireal Mxcamarchive 2.2

mxCamArchive 2.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain configuration details and passwords via a direct request for archive/config.ini.

7.5
2009-08-12 CVE-2008-6952 CMS Maury91 SQL Injection vulnerability in Cms.Maury91 Maurycms 0.53.2

SQL injection vulnerability in Rss.php in MauryCMS 0.53.2 and earlier allows remote attackers to execute arbitrary SQL commands via the c parameter.

7.5
2009-08-12 CVE-2008-6951 CMS Maury91 Improper Authentication vulnerability in Cms.Maury91 Maurycms 0.53.2

MauryCMS 0.53.2 and earlier does not require administrative authentication for Editors/fckeditor/editor/filemanager/browser/default/browser.html, which allows remote attackers to upload arbitrary files via a direct request.

7.5
2009-08-12 CVE-2008-6950 Webhost Panel SQL Injection vulnerability in Webhost-Panel Bankoi Webhosting Control Panel 1.20

Multiple SQL injection vulnerabilities in login.asp in Bankoi WebHosting Control Panel 1.20 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field.

7.5
2009-08-12 CVE-2008-6947 Collabtive Improper Authentication vulnerability in Collabtive 0.4.8

Collabtive 0.4.8 allows remote attackers to bypass authentication and create new users, including administrators, via unspecified vectors associated with the added mode in a users action to admin.php.

7.5
2009-08-12 CVE-2008-6941 Turnkeyforms SQL Injection vulnerability in Turnkeyforms web Hosting Directory

SQL injection vulnerability in the login functionality in TurnkeyForms Web Hosting Directory allows remote attackers to execute arbitrary SQL commands via the password field.

7.5
2009-08-12 CVE-2008-6940 Turnkeyforms Permissions, Privileges, and Access Controls vulnerability in Turnkeyforms web Hosting Directory

TurnkeyForms Web Hosting Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain a database backup via a direct request to admin/backup/db.

7.5
2009-08-12 CVE-2008-6939 Turnkeyforms Improper Authentication vulnerability in Turnkeyforms web Hosting Directory

TurnkeyForms Web Hosting Directory allows remote attackers to bypass authentication and (1) gain administrative privileges by setting the adm cookie to 1 or (2) gain privileges as another user by setting the logged cookie to the target username.

7.5
2009-08-11 CVE-2008-6934 Sansuart Code Injection vulnerability in Sansuart Free Simple Guestbook PHP Script

Static code injection vulnerability in Sanus|artificium (aka Sanusart) Free simple guestbook PHP script, when downloaded before 20081111, allows remote attackers to inject arbitrary PHP code into messages.txt via the message parameter to act.php, which is executed when guestbook/guestbook.php is accessed.

7.5
2009-08-11 CVE-2008-6932 Alstrasoft Permissions, Privileges, and Access Controls vulnerability in Alstrasoft Sendit

Unrestricted file upload vulnerability in submit_file.php in AlstraSoft SendIt Pro allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in send/files/.

7.5
2009-08-10 CVE-2009-2716 SUN Unspecified vulnerability in SUN Java SE

The plugin functionality in Sun Java SE 6 before Update 15 does not properly implement version selection, which allows context-dependent attackers to leverage vulnerabilities in "old zip and certificate handling" and have unspecified other impact via unknown vectors.

7.5
2009-08-10 CVE-2008-6923 Joomla SQL Injection vulnerability in Joomla COM Content 1.0.0

SQL injection vulnerability in the content component (com_content) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a blogcategory action to index.php.

7.5
2009-08-10 CVE-2008-6921 W2B Permissions, Privileges, and Access Controls vulnerability in W2B PHPadboard 1.8

Unrestricted file upload vulnerability in index.php in phpAdBoard 1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in photoes/.

7.5
2009-08-10 CVE-2008-6920 W2B Permissions, Privileges, and Access Controls vulnerability in W2B PHPemployment 1.8

Unrestricted file upload vulnerability in auth.php in phpEmployment 1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension during a regnew action, then accessing it via a direct request to the file in photoes/.

7.5
2009-08-10 CVE-2008-6919 Taskdriver Improper Authentication vulnerability in Taskdriver 1.2

profileedit.php in TaskDriver 1.3 and earlier allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "fook!admin."

7.5
2009-08-14 CVE-2009-2768 Linux Null Pointer Dereference vulnerability in Linux Kernel

The load_flat_shared_library function in fs/binfmt_flat.c in the flat subsystem in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by executing a shared flat binary, which triggers an access of an "uninitialized cred pointer."

7.2
2009-08-14 CVE-2009-2767 Linux Buffer Errors vulnerability in Linux Kernel and Linux Kernel

The init_posix_timers function in kernel/posix-timers.c in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service (OOPS) or possibly gain privileges via a CLOCK_MONOTONIC_RAW clock_nanosleep call that triggers a NULL pointer dereference.

7.2
2009-08-14 CVE-2009-2692 Linux Buffer Errors vulnerability in Linux Kernel and Linux Kernel

The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.

7.2
2009-08-13 CVE-2009-2761 Avira Local Security vulnerability in Antivir Security Suite

Unquoted Windows search path vulnerability in the scheduler (sched.exe) in Avira AntiVir, AntiVir Premium, Premium Security Suite, and AntiVir Professional might allow local users to gain privileges via a malicious antivir.exe file in the "C:\Program Files\avira\" directory.

7.2
2009-08-13 CVE-2008-6962 Avira Improper Input Validation vulnerability in Avira products

Avira AntiVir Premium, Premium Security Suite, AntiVir Professional, and AntiVir Personal - FREE allows local users to execute arbitrary code via a crafted IOCTL request that overwrites a kernel pointer.

7.2
2009-08-12 CVE-2009-2200 Apple / Microsoft Information Exposure vulnerability in Apple Safari

WebKit in Apple Safari before 4.0.3 does not properly restrict the URL scheme of the pluginspage attribute of an EMBED element, which allows user-assisted remote attackers to launch arbitrary file: URLs and obtain sensitive information via a crafted HTML document.

7.1

55 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-08-12 CVE-2009-1922 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft products

The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold does not properly validate unspecified IOCTL request data from user mode before passing this data to kernel mode, which allows local users to gain privileges via a crafted request, aka "MSMQ Null Pointer Vulnerability."

6.9
2009-08-14 CVE-2009-2769 Ultrize Code Injection vulnerability in Ultrize Timesheet 1.2.2

PHP remote file inclusion vulnerability in include/timesheet.php in Ultrize TimeSheet 1.2.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the config[include_dir] parameter.

6.8
2009-08-14 CVE-2009-2677 HP Cross-Site Request Forgery (CSRF) vulnerability in HP Insight Control Suite FOR Linux

Cross-site request forgery (CSRF) vulnerability in HP Insight Control Suite For Linux (aka ICE-LX) before 2.11 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6.8
2009-08-14 CVE-2008-6975 DD WRT Cross-Site Request Forgery (CSRF) vulnerability in Dd-Wrt 24

Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cgi in DD-WRT 24 sp2 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the ping_ip parameter; (2) change the administrative credentials via the http_username and http_passwd parameters; (3) enable remote administration via the remote_management parameter; or (4) configure port forwarding via certain from, to, ip, and pro parameters.

6.8
2009-08-14 CVE-2008-6974 DD WRT Cross-Site Request Forgery (CSRF) vulnerability in Dd-Wrt

Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cgi in DD-WRT 24 sp1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the ping_ip parameter; (2) change the administrative credentials via the http_username and http_passwd parameters; (3) enable remote administration via the remote_management parameter; or (4) configure port forwarding via certain from, to, ip, and pro parameters.

6.8
2009-08-12 CVE-2008-6949 Collabtive Cross-Site Request Forgery (CSRF) vulnerability in Collabtive 0.4.8

Multiple cross-site request forgery (CSRF) vulnerabilities in Collabtive 0.4.8 allow remote attackers to hijack the authentication of administrators for requests that (1) submit or edit a new project, or (2) upload files to a project, or (3) attach files to messages via unknown vectors.

6.8
2009-08-11 CVE-2009-2735 SUN Jester SQL Injection vulnerability in Sun-Jester Opennews 1.0

SQL injection vulnerability in admin.php in sun-jester OpenNews 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.

6.8
2009-08-10 CVE-2009-2718 SUN, X ORG Permissions, Privileges, and Access Controls vulnerability in SUN Java SE 6

The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on X11 does not impose the intended constraint on distance from the window border to the Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an untrusted applet.

6.8
2009-08-10 CVE-2009-2717 SUN, Microsoft Permissions, Privileges, and Access Controls vulnerability in SUN Java SE

The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on Windows 2000 Professional does not provide a Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an untrusted applet.

6.8
2009-08-10 CVE-2008-6926 Cpanel, Netenberg Path Traversal vulnerability in Netenberg Fantastico DE Luxe

Directory traversal vulnerability in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the scriptpath_show parameter in a GoAhead action.

6.8
2009-08-10 CVE-2008-6918 Theportal2 PL Permissions, Privileges, and Access Controls vulnerability in Theportal2.Pl Theportal2 2.2

Unrestricted file upload vulnerability in admin/galeria.php in ThePortal2 2.2 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in galeria/.

6.8
2009-08-13 CVE-2009-2093 IBM SQL Injection vulnerability in IBM Websphere Partner Gateway

SQL injection vulnerability in the console in IBM WebSphere Partner Gateway (WPG) Enterprise 6.0 before FP8, 6.1 before FP3, 6.1.1 before FP2, and 6.2 before FP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

6.5
2009-08-13 CVE-2009-0906 IBM Improper Authentication vulnerability in IBM Websphere Application Server 1.0/1.0.0.2

The Service Component Architecture (SCA) feature pack for IBM WebSphere Application Server (WAS) SCA 1.0 before 1.0.0.3 allows remote authenticated users to bypass intended authentication.transport access restrictions and obtain unspecified access via unknown vectors.

6.5
2009-08-12 CVE-2008-6958 Comsenz Code Injection vulnerability in Comsenz Crossday Discuz! Board 6.0.1/7.0

wap/index.php in Crossday Discuz! Board 6.x and 7.x allows remote authenticated users to execute arbitrary PHP code via the creditsformula parameter.

6.5
2009-08-12 CVE-2008-6956 Infireal Code Injection vulnerability in Infireal Mxcamarchive 2.2

Static code injection vulnerability in admin/admin.php in mxCamArchive 2.2 allows remote authenticated administrators to inject arbitrary PHP code into an unspecified program via the description parameter, which is executed by invocation of index.php.

6.5
2009-08-12 CVE-2008-6948 Collabtive Improper Input Validation vulnerability in Collabtive 0.4.8

Unrestricted file upload vulnerability in Collabtive 0.4.8 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and using a text/plain MIME type, then accessing it via a direct request to the file in files/, related to (1) the showproject action in managefile.php or (2) the Messages feature.

6.5
2009-08-12 CVE-2008-6944 Scriptsfeed Improper Input Validation vulnerability in Scriptsfeed Auto Classifieds

Unrestricted file upload vulnerability in ScriptsFeed Auto Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in cars_images/.

6.5
2009-08-12 CVE-2008-6943 Scriptsfeed Improper Input Validation vulnerability in Scriptsfeed Recipes Listing Portal

Unrestricted file upload vulnerability in ScriptsFeed Recipes Listing Portal allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a recipe photo, then accessing it via a direct request to the file in pictures/.

6.5
2009-08-12 CVE-2008-6942 Scriptsfeed Improper Input Validation vulnerability in Scriptsfeed Realtor Classifieds System

Unrestricted file upload vulnerability in ScriptsFeed Realtor Classifieds System (aka Real Estate Classifieds) allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in re_images/.

6.5
2009-08-11 CVE-2008-6931 Phpstore Permissions, Privileges, and Access Controls vulnerability in PHPstore PHPcareers

Unrestricted file upload vulnerability in PHPStore Job Search (aka PHPCareers) allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a resume photo, then accessing it via a direct request to the file in jobseekers/jobseeker_profile_images.

6.5
2009-08-11 CVE-2008-6930 Phpstore Permissions, Privileges, and Access Controls vulnerability in PHPstore Real Estate

Unrestricted file upload vulnerability in PHPStore Real Estate allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in realty/re_images/.

6.5
2009-08-11 CVE-2008-6929 Phpstore Permissions, Privileges, and Access Controls vulnerability in PHPstore Auto Classifieds

Unrestricted file upload vulnerability in PHPStore Auto Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in cars/cars_images/.

6.5
2009-08-11 CVE-2008-6928 Phpstore Permissions, Privileges, and Access Controls vulnerability in PHPstore Complete Classifieds

Unrestricted file upload vulnerability in PHPStore Complete Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in classifieds1/yellow_images/.

6.5
2009-08-11 CVE-2009-2736 SUN Jester Code Injection vulnerability in Sun-Jester Opennews 1.0

Static code injection vulnerability in admin.php in sun-jester OpenNews 1.0 allows remote authenticated administrators to inject arbitrary PHP code into config.php via the "Overall Width" field in a setconfig action.

6.5
2009-08-12 CVE-2009-2199 Apple Unspecified vulnerability in Apple Iphone OS and Safari

Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, via unspecified homoglyphs.

5.8
2009-08-11 CVE-2009-2737 Toni Mueller Permissions, Privileges, and Access Controls vulnerability in Toni Mueller Roundup

The EditCSVAction function in cgi/actions.py in Roundup 1.2 before 1.2.1, 1.4 through 1.4.6, and possibly other versions does not properly check permissions, which allows remote authenticated users with edit or create privileges for a class to modify arbitrary items within that class, as demonstrated by editing all queries, modifying settings, and adding roles to users.

5.5
2009-08-14 CVE-2009-2764 Microsoft Denial of Service vulnerability in Microsoft Internet Explorer 8

Microsoft Internet Explorer 8.0.7100.0 on Windows 7 RC on the x64 platform allows remote attackers to cause a denial of service (application crash) via a certain DIV element in conjunction with SCRIPT elements that have empty contents and no reference to a valid external script location.

5.0
2009-08-13 CVE-2009-2091 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server

The System Management/Repository component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 on z/OS uses weak file permissions for new applications, which allows remote attackers to obtain sensitive information via unspecified vectors.

5.0
2009-08-13 CVE-2009-2090 IBM Unspecified vulnerability in IBM Websphere Application Server

Unspecified vulnerability in wsadmin in the System Management/Repository component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 allows remote attackers to bypass intended Java Management Extensions (JMX) Management Beans (aka MBeans) access restrictions, and cause a denial of service (daemon stop), via unknown vectors.

5.0
2009-08-13 CVE-2008-6967 ALT N Unspecified vulnerability in Alt-N Mdaemon and Worldclient

Multiple unspecified vulnerabilities in WorldClient in Alt-N MDaemon before 10.02 have unknown impact and attack vectors, probably related to cross-site scripting (XSS) and WorldClient DLL 10.0.1, a different vulnerability than CVE-2008-6893.

5.0
2009-08-12 CVE-2009-2196 Apple, Microsoft

Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote web servers to place an arbitrary web site in the Top Sites view, and possibly conduct phishing attacks, via unknown vectors.

5.0
2009-08-12 CVE-2008-6960 X10Media Permissions, Privileges, and Access Controls vulnerability in X10Media X10 Automatic MP3 Script 1.5.5/1.6

download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 through 1.6 allows remote attackers to read arbitrary files via an encoded url parameter, as demonstrated by obtaining database credentials from includes/constants.php.

5.0
2009-08-11 CVE-2008-6933 Minigal Path Traversal vulnerability in Minigal B13

Directory traversal vulnerability in index.php in MiniGal b13 (aka MG2) allows remote attackers to read the source code of .php files, and possibly the content of other files, via a ..

5.0
2009-08-10 CVE-2009-2720 SUN Unspecified vulnerability in SUN Java SE

Unspecified vulnerability in the javax.swing.plaf.synth.SynthContext.isSubregion method in the Swing implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service (NullPointerException in the Jemmy library) via unknown vectors.

5.0
2009-08-10 CVE-2009-2719 SUN Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SUN Java SE

The Java Web Start implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service (NullPointerException) via a crafted .jnlp file, as demonstrated by the jnlp_file/appletDesc/index.html#misc test in the Technology Compatibility Kit (TCK) for the Java Network Launching Protocol (JNLP).

5.0
2009-08-10 CVE-2009-2690 SUN Permissions, Privileges, and Access Controls vulnerability in SUN Java SE and Openjdk

The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants read access to private variables with unspecified names, which allows context-dependent attackers to obtain sensitive information via an untrusted (1) applet or (2) application.

5.0
2009-08-12 CVE-2009-1427 HP Local Denial Of Service vulnerability in HP Hpux B.11.31

Unspecified vulnerability in HP-UX B.11.31 allows local users to cause a denial of service (system crash) via unknown vectors related to the ttrace system call.

4.9
2009-08-14 CVE-2009-2778 Garagesalesjunkie Cross-Site Scripting vulnerability in Garagesalesjunkie Garagesales Script

Cross-site scripting (XSS) vulnerability in visitor/view.php in GarageSales Script allows remote attackers to inject arbitrary web script or HTML via the key parameter.

4.3
2009-08-14 CVE-2009-2772 Realtysoft Cross-Site Scripting vulnerability in Realtysoft PG Roomate Finder Solution

Multiple cross-site scripting (XSS) vulnerabilities in PG Roommate Finder Solution allow remote attackers to inject arbitrary web script or HTML via the part parameter to (1) quick_search.php and (2) viewprofile.php.

4.3
2009-08-14 CVE-2009-2771 Freearcadescript Cross-Site Scripting vulnerability in Freearcadescript Free Arcade Script 1.3

Cross-site scripting (XSS) vulnerability in Free Arcade Script 1.3 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter to the default URI under search/.

4.3
2009-08-13 CVE-2008-6969 Pentasoft Corp Cross-Site Scripting vulnerability in Pentasoft Corp. Avactis Shopping Cart 1.8.0/1.8.1

Multiple cross-site scripting (XSS) vulnerabilities in checkout.php in Avactis Shopping Cart 1.8.0 and 1.8.1 allow remote attackers to inject arbitrary web script or HTML via the (1) step_id and (2) CHECKOUT_CZ_BLOWFISH_KEY parameters.

4.3
2009-08-13 CVE-2008-6961 Mozilla Information Exposure vulnerability in Mozilla Seamonkey and Thunderbird

mailnews in Mozilla Thunderbird before 2.0.0.18 and SeaMonkey before 1.1.13, when JavaScript is enabled in mail, allows remote attackers to obtain sensitive information about the recipient, or comments in forwarded mail, via script that reads the (1) .documentURI or (2) .textContent DOM properties.

4.3
2009-08-12 CVE-2008-6946 Collabtive Cross-Site Scripting vulnerability in Collabtive 0.4.8

Cross-site scripting (XSS) vulnerability in manageproject.php in Collabtive 0.4.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via the project Name, which is not properly handled when the administrator performs an editform action, related to admin.php.

4.3
2009-08-12 CVE-2008-6945 Icdevgroup Cross-Site Scripting vulnerability in Icdevgroup Interchange

Multiple cross-site scripting (XSS) vulnerabilities in Interchange 5.7 before 5.7.1, 5.6 before 5.6.1, and 5.4 before 5.4.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mv_order_item CGI variable parameter in Core, (2) the country-select widget, or (3) possibly the value specifier when used in the UserTag feature.

4.3
2009-08-11 CVE-2008-6938 Holger Zimmermann Improper Input Validation vulnerability in Holger Zimmermann Pi3Web

Pi3Web 2.0.3 before PL2, when installed on Windows as a desktop application and without using the Pi3Web/Conf/Intenet.pi3, allows remote attackers to cause a denial of service (crash or hang) and obtain the full pathname of the server via a request to a file in the ISAPI directory that is not an executable DLL, which triggers the crash when the DLL load fails, as demonstrated using Isapi\users.txt.

4.3
2009-08-11 CVE-2009-2739 Freenas Cross-Site Scripting vulnerability in Freenas 0.686.3/0.686.4/0.69

Cross-site scripting (XSS) vulnerability in FreeNAS before 0.69.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2009-08-11 CVE-2009-2738 Freenas Cross-Site Scripting vulnerability in Freenas 0.69.1

Cross-site request forgery (CSRF) vulnerability in the WebGUI in FreeNAS before 0.7RC1 allows remote attackers to hijack the authentication of users for unspecified requests via unknown vectors.

4.3
2009-08-11 CVE-2009-2416 Xmlsoft Resource Management Errors vulnerability in Xmlsoft Libxml and Libxml2

Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.

4.3
2009-08-11 CVE-2009-2414 Xmlsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xmlsoft Libxml and Libxml2

Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework.

4.3
2009-08-11 CVE-2009-1885 Apache Buffer Errors vulnerability in Apache Xerces-C++ 2.7.0/2.8.0

Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.

4.3
2009-08-11 CVE-2009-2705 SUN, Broadcom Permissions, Privileges, and Access Controls vulnerability in multiple products

CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing non-canonical, "overlong Unicode" in place of blacklisted characters.

4.3
2009-08-11 CVE-2009-2704 SUN Permissions, Privileges, and Access Controls vulnerability in SUN J2Ee

CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing a %00 (encoded null byte).

4.3
2009-08-10 CVE-2008-6927 Cpanel Cross-Site Scripting vulnerability in Cpanel

Multiple cross-site scripting (XSS) vulnerabilities in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allow remote attackers to inject arbitrary web script or HTML via the (1) localapp, (2) updatedir, (3) scriptpath_show, (4) domain_show, (5) thispage, (6) thisapp, and (7) currentversion parameters in an Upgrade action.

4.3
2009-08-10 CVE-2008-6925 Zenphoto Cross-Site Scripting vulnerability in Zenphoto 1.1.7

Cross-site scripting (XSS) vulnerability in function.php in Zenphoto 1.1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the "request logging" feature.

4.3
2009-08-10 CVE-2008-6924 Intelliants Cross-Site Scripting vulnerability in Intelliants Esyndicat 2.2

Multiple cross-site scripting (XSS) vulnerabilities in register.php in eSyndiCat Directory 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) email, (3) password, (4) password2, (5) security_code, and (6) register parameters.

4.3

6 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-08-13 CVE-2008-6972 Drupal, Karen Stevenson, Yves Chedemois Cross-Site Scripting vulnerability in multiple products

Multiple cross-site scripting (XSS) vulnerabilities in Drupal Content Construction Kit (CCK) 5.x through 5.x-1.8 allow remote authenticated users with "administer content" permissions to inject arbitrary web script or HTML via the (1) "field label," (2) "help text," or (3) "allowed values" settings.

3.5
2009-08-12 CVE-2009-1536 Microsoft Improper Input Validation vulnerability in Microsoft .Net Framework, Windows Server 2008 and Windows Vista

ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability."

2.6
2009-08-14 CVE-2009-2691 Linux Information Exposure vulnerability in Linux Kernel

The mm_for_maps function in fs/proc/base.c in the Linux kernel 2.6.30.4 and earlier allows local users to read (1) maps and (2) smaps files under proc/ via vectors related to ELF loading, a setuid process, and a race condition.

2.1
2009-08-13 CVE-2009-2089 IBM Configuration vulnerability in IBM Websphere Application Server

The Migration component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when tracing is enabled and a 6.1 to 7.0 migration has occurred, allows remote authenticated users to obtain sensitive information by reading a Migration Trace file.

2.1
2009-08-13 CVE-2009-2087 IBM Credentials Management vulnerability in IBM Websphere Application Server

The Web Services functionality in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, in certain circumstances involving the ibm-webservicesclient-bind.xmi file and custom password encryption, uses weak password obfuscation, which allows local users to cause a denial of service (deployment failure) via unspecified vectors.

2.1
2009-08-13 CVE-2009-2094 IBM Unspecified vulnerability in IBM Websphere Commerce

Unspecified vulnerability in IBM WebSphere Commerce 6.0 Enterprise before 6.0.0.8, when trace is enabled, allows local users to obtain sensitive information via unknown vectors.

1.5