Weekly Vulnerabilities Reports > August 10 to 16, 2009
Overview
126 new vulnerabilities reported during this period, including 25 critical vulnerabilities and 44 high severity vulnerabilities. This weekly summary report vulnerabilities in 136 products from 82 vendors including SUN, Microsoft, IBM, Apple, and DD WRT. Vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls", "SQL Injection", "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Code Injection".
- 117 reported vulnerabilities are remotely exploitables.
- 63 reported vulnerabilities have public exploit available.
- 37 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 106 reported vulnerabilities are exploitable by an anonymous user.
- SUN has the most reported vulnerabilities, with 15 reported vulnerabilities.
- SUN has the most reported critical vulnerabilities, with 7 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
25 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-08-13 | CVE-2008-6973 | IBM | Unspecified vulnerability in IBM Websphere Commerce Multiple unspecified vulnerabilities in IBM WebSphere Commerce 6.0 before 6.0.0.7 have unknown impact and attack vectors. | 10.0 |
2009-08-11 | CVE-2008-6937 | Jabber | Code Injection vulnerability in Jabber Exodus 0.10 Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in an xmpp:// URI, a different vector than CVE-2008-6935 and CVE-2008-6936. | 10.0 |
2009-08-11 | CVE-2008-6935 | JOE Fuhrman | Code Injection vulnerability in JOE Fuhrman Exodus 0.10 Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in an im:// URI. | 10.0 |
2009-08-10 | CVE-2009-2723 | SUN | Unspecified vulnerability in SUN Java SE Unspecified vulnerability in deserialization in the Provider class in Sun Java SE 5.0 before Update 20 has unknown impact and attack vectors, aka BugId 6444262. | 10.0 |
2009-08-10 | CVE-2009-2722 | SUN | Unspecified vulnerability in SUN Java SE Multiple unspecified vulnerabilities in the Provider class in Sun Java SE 5.0 before Update 20 have unknown impact and attack vectors, aka BugId 6429594. | 10.0 |
2009-08-10 | CVE-2009-2721 | SUN | Unspecified vulnerability in SUN Java SE Multiple unspecified vulnerabilities in the Provider class in Sun Java SE 5.0 before Update 20 have unknown impact and attack vectors, aka BugId 6406003. | 10.0 |
2009-08-10 | CVE-2009-2689 | SUN | Permissions, Privileges, and Access Controls vulnerability in SUN Java SE and Openjdk JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, grants full privileges to instances of unspecified object types, which allows context-dependent attackers to bypass intended access restrictions via an untrusted (1) applet or (2) application. | 10.0 |
2009-08-10 | CVE-2009-2476 | SUN | Permissions, Privileges, and Access Controls vulnerability in SUN Java SE and Openjdk The Java Management Extensions (JMX) implementation in Sun Java SE 6 before Update 15, and OpenJDK, does not properly enforce OpenType checks, which allows context-dependent attackers to bypass intended access restrictions by leveraging finalizer resurrection to obtain a reference to a privileged object. | 10.0 |
2009-08-10 | CVE-2009-2415 | Memcachedb | Numeric Errors vulnerability in Memcachedb Memcached 1.1.12/1.2.2 Multiple integer overflows in memcached 1.1.12 and 1.2.2 allow remote attackers to execute arbitrary code via vectors involving length attributes that trigger heap-based buffer overflows. | 10.0 |
2009-08-10 | CVE-2009-2026 | CA | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in CA products Stack-based buffer overflow in a token searching function in the dtscore library in Data Transport Services in CA Software Delivery r11.2 C1, C2, C3, and SP4; Unicenter Software Delivery 4.0 C3; CA Advantage Data Transport 3.0 C1; and CA IT Client Manager r12 allows remote attackers to execute arbitrary code via crafted data. | 10.0 |
2009-08-10 | CVE-2009-1896 | Fedoraproject SUN | Permissions, Privileges, and Access Controls vulnerability in SUN Openjdk The Java Web Start framework in IcedTea in OpenJDK before 1.6.0.0-20.b16.fc10 on Fedora 10, and before 1.6.0.0-27.b16.fc11 on Fedora 11, trusts an entire application when at least one of the listed jar files is trusted, which allows context-dependent attackers to execute arbitrary code without the untrusted-code restrictions via a crafted application, related to NetX. | 10.0 |
2009-08-14 | CVE-2009-1048 | Snom | Authentication Bypass by Spoofing vulnerability in Snom products The web interface on the snom VoIP phones snom 300, snom 320, snom 360, snom 370, and snom 820 with firmware 6.5 before 6.5.20, 7.1 before 7.1.39, and 7.3 before 7.3.14 allows remote attackers to bypass authentication, and reconfigure the phone or make arbitrary use of the phone, via a (1) http or (2) https request with 127.0.0.1 in the Host header. | 9.8 |
2009-08-12 | CVE-2009-2195 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted floating-point numbers. | 9.3 |
2009-08-12 | CVE-2009-2496 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products Heap-based buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 allows remote attackers to execute arbitrary code via unspecified parameters to unknown methods, aka "Office Web Components Heap Corruption Vulnerability." | 9.3 |
2009-08-12 | CVE-2009-1924 | Microsoft | Numeric Errors vulnerability in Microsoft Windows 2000 and Windows 2003 Server Integer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 allows remote WINS replication partners to execute arbitrary code via crafted data structures in a packet, aka "WINS Integer Overflow Vulnerability." | 9.3 |
2009-08-12 | CVE-2009-1923 | Microsoft | Buffer Errors vulnerability in Microsoft Windows 2000 and Windows 2003 Server Heap-based buffer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted WINS replication packet that triggers an incorrect buffer-length calculation, aka "WINS Heap Overflow Vulnerability." | 9.3 |
2009-08-12 | CVE-2009-1534 | Microsoft | Buffer Errors vulnerability in Microsoft ISA Server, Office and Office web Components Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka "Office Web Components Buffer Overflow Vulnerability." | 9.3 |
2009-08-12 | CVE-2009-0562 | Microsoft | Resource Management Errors vulnerability in Microsoft ISA Server, Office and Office web Components The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 does not properly allocate memory, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger "system state" corruption, aka "Office Web Components Memory Allocation Vulnerability." | 9.3 |
2009-08-12 | CVE-2008-6959 | Chilkatsoft | Unspecified vulnerability in Chilkatsoft Chilkat Socket Insecure method vulnerability in the Chilkat Socket ActiveX control (ChilkatSocket.ChilkatSocket.1) in ChilkatSocket.dll 2.3.1.1 allows remote attackers to overwrite arbitrary files via the SaveLastError method. | 9.3 |
2009-08-12 | CVE-2008-6953 | Oovoo | Buffer Errors vulnerability in Oovoo 1.7.1.35 Buffer overflow in oovoo.exe in ooVoo 1.7.1.35, and possibly other versions before 1.7.1.59, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long oovoo: URI. | 9.3 |
2009-08-11 | CVE-2008-6936 | Jabber | Code Injection vulnerability in Jabber Exodus 0.10 Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in a pres:// URI, a different vector than CVE-2008-6935. | 9.3 |
2009-08-10 | CVE-2009-2727 | IBM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM AIX Stack-based buffer overflow in the _tt_internal_realpath function in the ToolTalk library (libtt.a) in IBM AIX 5.2.0, 5.3.0, 5.3.7 through 5.3.10, and 6.1.0 through 6.1.3, when the rpc.ttdbserver daemon is enabled in /etc/inetd.conf, allows remote attackers to execute arbitrary code via a long XDR-encoded ASCII string to remote procedure 15. | 9.3 |
2009-08-10 | CVE-2009-2724 | SUN | Race Condition vulnerability in SUN Java SE Race condition in the java.lang package in Sun Java SE 5.0 before Update 20 has unknown impact and attack vectors, related to a "3Y Race condition in reflection checks." | 9.3 |
2009-08-10 | CVE-2008-6922 | Youngzsoft | Buffer Errors vulnerability in Youngzsoft Cmailserver 5.4.6 Multiple stack-based buffer overflows in CMailCOM.dll in CMailServer 5.4.6 allow remote attackers to execute arbitrary code via a long argument to the (1) CreateUserPath, (2) Logout, (3) DeleteMailByUID, (4) MoveToInbox, (5) MoveToFolder, (6) DeleteMailEx, (7) GetMailDataEx, (8) SetReplySign, (9) SetForwardSign, and (10) SetReadSign methods, which are not properly handled by (a) the POP3 Class ActiveX control (CMailCom.POP3); or a long argument to the (11) AddAttach, (12) SetSubject, (13) SetBcc, (14) SetBody, (15) SetCc, (16) SetFrom, (17) SetTo, and (18) SetFromUID methods, which are not properly handled by the Class ActiveX control (CMailCOM.SMTP), as demonstrated via the indexOfMail parameter to mwmail.asp. | 9.3 |
2009-08-12 | CVE-2008-6954 | Michael Dehaan | Permissions, Privileges, and Access Controls vulnerability in Michael Dehaan Cobbler The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules. | 9.0 |
44 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-08-14 | CVE-2009-2765 | DD WRT | Improper Input Validation vulnerability in Dd-Wrt httpd.c in httpd in the management GUI in DD-WRT 24 sp1, and other versions before build 12533, allows remote attackers to execute arbitrary commands via shell metacharacters in a request to a cgi-bin/ URI. | 8.3 |
2009-08-14 | CVE-2009-2768 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel The load_flat_shared_library function in fs/binfmt_flat.c in the flat subsystem in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by executing a shared flat binary, which triggers an access of an "uninitialized cred pointer." | 7.8 |
2009-08-14 | CVE-2009-2692 | Linux Debian Suse Redhat | Use of Uninitialized Resource vulnerability in multiple products The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket. | 7.8 |
2009-08-11 | CVE-2009-0687 | Midnightbsd Mirbsd Netbsd Openbsd | Resource Management Errors vulnerability in multiple products The pf_test_rule function in OpenBSD Packet Filter (PF), as used in OpenBSD 4.2 through 4.5, NetBSD 5.0 before RC3, MirOS 10 and earlier, and MidnightBSD 0.3-current allows remote attackers to cause a denial of service (panic) via crafted IP packets that trigger a NULL pointer dereference during translation, related to an IPv4 packet with an ICMPv6 payload. | 7.8 |
2009-08-10 | CVE-2009-2475 | SUN | Information Exposure vulnerability in SUN Java SE and Openjdk Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent attackers to obtain sensitive information via vectors involving static variables that are declared without the final keyword, related to (1) LayoutQueue, (2) Cursor.predefined, (3) AccessibleResourceBundle.getContents, (4) ImageReaderSpi.STANDARD_INPUT_TYPE, (5) ImageWriterSpi.STANDARD_OUTPUT_TYPE, (6) the imageio plugins, (7) DnsContext.debug, (8) RmfFileReader/StandardMidiFileWriter.types, (9) AbstractSaslImpl.logger, (10) Synth.Region.uiToRegionMap/lowerCaseNameMap, (11) the Introspector class and a cache of BeanInfo, and (12) JAX-WS, a different vulnerability than CVE-2009-2673. | 7.8 |
2009-08-14 | CVE-2009-2777 | Garagesalesjunkie | SQL Injection vulnerability in Garagesalesjunkie Garagesales Script SQL injection vulnerability in visitor/view.php in GarageSales Script allows remote attackers to execute arbitrary SQL commands via the key parameter. | 7.5 |
2009-08-14 | CVE-2009-2776 | Sellatsite COM | SQL Injection vulnerability in Sellatsite.Com Smart ASP Survey SQL injection vulnerability in showresult.asp in Smart ASP Survey allows remote attackers to execute arbitrary SQL commands via the catid parameter. | 7.5 |
2009-08-14 | CVE-2009-2775 | Phparcadescript | SQL Injection vulnerability in PHParcadescript 4.0 SQL injection vulnerability in linkout.php in PHPArcadeScript (PHP Arcade Script) 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2009-08-14 | CVE-2009-2774 | PHP Paid4Mail | SQL Injection vulnerability in PHP-Paid4Mail SQL injection vulnerability in paidbanner.php in PHP Paid 4 Mail Script allows remote attackers to execute arbitrary SQL commands via the ID parameter. | 7.5 |
2009-08-14 | CVE-2009-2773 | Shop 020 | Code Injection vulnerability in Shop-020 PHP Paid 4 Mail Script PHP remote file inclusion vulnerability in home.php in PHP Paid 4 Mail Script allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | 7.5 |
2009-08-14 | CVE-2009-2770 | Powerupload | Permissions, Privileges, and Access Controls vulnerability in Powerupload 2.4 PowerUpload 2.4 allows remote attackers to bypass authentication and gain administrative access via a MIME encoded value of admin for the myadminname cookie. | 7.5 |
2009-08-14 | CVE-2009-2766 | DD WRT | Permissions, Privileges, and Access Controls vulnerability in Dd-Wrt 24 httpd.c in httpd in the management GUI in DD-WRT 24 sp1 does not require administrative authentication for programs under cgi-bin/, which allows remote attackers to change settings via HTTP requests. | 7.5 |
2009-08-14 | CVE-2009-2417 | Curl Libcurl | Cryptographic Issues vulnerability in multiple products lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | 7.5 |
2009-08-13 | CVE-2009-2092 | IBM | Improper Access Control vulnerability in IBM Websphere Application Server IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 does not properly read the portletServingEnabled parameter in ibm-portlet-ext.xmi, which allows remote attackers to bypass intended access restrictions via unknown vectors. | 7.5 |
2009-08-13 | CVE-2009-2088 | IBM | Improper Authentication vulnerability in IBM Websphere Application Server The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when SPNEGO Single Sign-on (SSO) and disableSecurityPreInvokeOnFilters are configured, allows remote attackers to bypass authentication via a request for a "secure URL," related to a certain invokefilterscompatibility property. | 7.5 |
2009-08-13 | CVE-2009-2085 | IBM | Improper Authentication vulnerability in IBM Websphere Application Server The Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5 does not properly handle use of Identity Assertion with CSIv2 Security, which allows remote attackers to bypass intended CSIv2 access restrictions via vectors involving Enterprise JavaBeans (EJB). | 7.5 |
2009-08-13 | CVE-2009-2762 | Wordpress | Credentials Management vulnerability in Wordpress wp-login.php in WordPress 2.8.3 and earlier allows remote attackers to force a password reset for the first user in the database, possibly the administrator, via a key[] array variable in a resetpass (aka rp) action, which bypasses a check that assumes that $key is not an array. | 7.5 |
2009-08-13 | CVE-2008-6971 | Simplemachines | Credentials Management vulnerability in Simplemachines SMF The password reset functionality in Simple Machines Forum (SMF) 1.0.x before 1.0.14, 1.1.x before 1.1.6, and 2.0 before 2.0 beta 4 includes clues about the random number generator state within a hidden form field and generates predictable validation codes, which allows remote attackers to modify passwords of other users and gain privileges. | 7.5 |
2009-08-13 | CVE-2008-6970 | Ubbcentral | SQL Injection vulnerability in Ubbcentral Ubb.Threads SQL injection vulnerability in dosearch.inc.php in UBB.threads 7.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the Forum[] array parameter. | 7.5 |
2009-08-13 | CVE-2008-6968 | Pligg | SQL Injection vulnerability in Pligg CMS 9.9.5 Multiple SQL injection vulnerabilities in submit.php in Pligg CMS 9.9.5 allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) id parameters. | 7.5 |
2009-08-13 | CVE-2008-6966 | AJ Square | Permissions, Privileges, and Access Controls vulnerability in AJ Square AJ Auction 1.0 AJ Square AJ Auction Pro Platinum Skin #1 sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass authentication via a direct request to admin/user.php. | 7.5 |
2009-08-13 | CVE-2008-6965 | AJ Square | Improper Authentication vulnerability in AJ Square AJ Auction 1.0/2.0/Web2.0 AJ Square AJ Auction OOPD, Pro Platinum Skin #1, Pro Platinum Skin #2, and Web 2.0 send a redirect but do not exit when certain scripts are called directly, which allows remote attackers to bypass authentication via a direct request to (1) site.php, (2) auction.php, (3) mail.php, (4) fee_setting.php, (5) earnings.php, (6) insertion_fee_settings.php, (7) custom_category.php, (8) subcategory.php, (9) category.php, (10) report.php, (11) store_manager.php, and (12) choose_sell_format.php in admin/, and possibly other vectors. | 7.5 |
2009-08-13 | CVE-2008-6964 | X7 Group | SQL Injection vulnerability in X7 Group X7 Chat 2.0.5 SQL injection vulnerability in the login page in X7 Chat 2.0.5 allows remote attackers to execute arbitrary SQL commands via the password field. | 7.5 |
2009-08-13 | CVE-2008-6963 | Turnkeyforms | Permissions, Privileges, and Access Controls vulnerability in Turnkeyforms Text Link Sales admin.php in TurnkeyForms Text Link Sales allows remote attackers to bypass authentication and gain administrative privileges via a direct request. | 7.5 |
2009-08-12 | CVE-2009-2730 | GNU | Cryptographic Issues vulnerability in GNU Gnutls libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | 7.5 |
2009-08-12 | CVE-2008-6957 | Discuz | Permissions, Privileges, and Access Controls vulnerability in Discuz Discuz! member.php in Crossday Discuz! Board allows remote attackers to reset passwords of arbitrary users via crafted (1) lostpasswd and (2) getpasswd actions, possibly involving predictable generation of the id parameter. | 7.5 |
2009-08-12 | CVE-2008-6955 | Infireal | Information Exposure vulnerability in Infireal Mxcamarchive 2.2 mxCamArchive 2.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain configuration details and passwords via a direct request for archive/config.ini. | 7.5 |
2009-08-12 | CVE-2008-6952 | CMS Maury91 | SQL Injection vulnerability in Cms.Maury91 Maurycms 0.53.2 SQL injection vulnerability in Rss.php in MauryCMS 0.53.2 and earlier allows remote attackers to execute arbitrary SQL commands via the c parameter. | 7.5 |
2009-08-12 | CVE-2008-6951 | CMS Maury91 | Improper Authentication vulnerability in Cms.Maury91 Maurycms 0.53.2 MauryCMS 0.53.2 and earlier does not require administrative authentication for Editors/fckeditor/editor/filemanager/browser/default/browser.html, which allows remote attackers to upload arbitrary files via a direct request. | 7.5 |
2009-08-12 | CVE-2008-6950 | Webhost Panel | SQL Injection vulnerability in Webhost-Panel Bankoi Webhosting Control Panel 1.20 Multiple SQL injection vulnerabilities in login.asp in Bankoi WebHosting Control Panel 1.20 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field. | 7.5 |
2009-08-12 | CVE-2008-6947 | Collabtive | Improper Authentication vulnerability in Collabtive 0.4.8 Collabtive 0.4.8 allows remote attackers to bypass authentication and create new users, including administrators, via unspecified vectors associated with the added mode in a users action to admin.php. | 7.5 |
2009-08-12 | CVE-2008-6941 | Turnkeyforms | SQL Injection vulnerability in Turnkeyforms web Hosting Directory SQL injection vulnerability in the login functionality in TurnkeyForms Web Hosting Directory allows remote attackers to execute arbitrary SQL commands via the password field. | 7.5 |
2009-08-12 | CVE-2008-6940 | Turnkeyforms | Permissions, Privileges, and Access Controls vulnerability in Turnkeyforms web Hosting Directory TurnkeyForms Web Hosting Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain a database backup via a direct request to admin/backup/db. | 7.5 |
2009-08-12 | CVE-2008-6939 | Turnkeyforms | Improper Authentication vulnerability in Turnkeyforms web Hosting Directory TurnkeyForms Web Hosting Directory allows remote attackers to bypass authentication and (1) gain administrative privileges by setting the adm cookie to 1 or (2) gain privileges as another user by setting the logged cookie to the target username. | 7.5 |
2009-08-11 | CVE-2008-6934 | Sansuart | Code Injection vulnerability in Sansuart Free Simple Guestbook PHP Script Static code injection vulnerability in Sanus|artificium (aka Sanusart) Free simple guestbook PHP script, when downloaded before 20081111, allows remote attackers to inject arbitrary PHP code into messages.txt via the message parameter to act.php, which is executed when guestbook/guestbook.php is accessed. | 7.5 |
2009-08-11 | CVE-2008-6932 | Alstrasoft | Permissions, Privileges, and Access Controls vulnerability in Alstrasoft Sendit Unrestricted file upload vulnerability in submit_file.php in AlstraSoft SendIt Pro allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in send/files/. | 7.5 |
2009-08-10 | CVE-2009-2716 | SUN | Unspecified vulnerability in SUN Java SE The plugin functionality in Sun Java SE 6 before Update 15 does not properly implement version selection, which allows context-dependent attackers to leverage vulnerabilities in "old zip and certificate handling" and have unspecified other impact via unknown vectors. | 7.5 |
2009-08-10 | CVE-2008-6923 | Joomla | SQL Injection vulnerability in Joomla COM Content 1.0.0 SQL injection vulnerability in the content component (com_content) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a blogcategory action to index.php. | 7.5 |
2009-08-10 | CVE-2008-6921 | W2B | Permissions, Privileges, and Access Controls vulnerability in W2B PHPadboard 1.8 Unrestricted file upload vulnerability in index.php in phpAdBoard 1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in photoes/. | 7.5 |
2009-08-10 | CVE-2008-6920 | W2B | Permissions, Privileges, and Access Controls vulnerability in W2B PHPemployment 1.8 Unrestricted file upload vulnerability in auth.php in phpEmployment 1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension during a regnew action, then accessing it via a direct request to the file in photoes/. | 7.5 |
2009-08-10 | CVE-2008-6919 | Taskdriver | Improper Authentication vulnerability in Taskdriver 1.2 profileedit.php TaskDriver 1.3 and earlier allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "fook!admin." | 7.5 |
2009-08-13 | CVE-2009-2761 | Avira | Local Security vulnerability in Antivir Security Suite Unquoted Windows search path vulnerability in the scheduler (sched.exe) in Avira AntiVir, AntiVir Premium, Premium Security Suite, and AntiVir Professional might allow local users to gain privileges via a malicious antivir.exe file in the "C:\Program Files\avira\" directory. | 7.2 |
2009-08-13 | CVE-2008-6962 | Avira | Improper Input Validation vulnerability in Avira products Avira AntiVir Premium, Premium Security Suite, AntiVir Professional, and AntiVir Personal - FREE allows local users to execute arbitrary code via a crafted IOCTL request that overwrites a kernel pointer. | 7.2 |
2009-08-12 | CVE-2009-2200 | Apple Microsoft | Information Exposure vulnerability in Apple Safari WebKit in Apple Safari before 4.0.3 does not properly restrict the URL scheme of the pluginspage attribute of an EMBED element, which allows user-assisted remote attackers to launch arbitrary file: URLs and obtain sensitive information via a crafted HTML document. | 7.1 |
52 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-08-12 | CVE-2009-1922 | Microsoft | Permissions, Privileges, and Access Controls vulnerability in Microsoft products The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold does not properly validate unspecified IOCTL request data from user mode before passing this data to kernel mode, which allows local users to gain privileges via a crafted request, aka "MSMQ Null Pointer Vulnerability." | 6.9 |
2009-08-14 | CVE-2009-2769 | Ultrize | Code Injection vulnerability in Ultrize Timesheet 1.2.2 PHP remote file inclusion vulnerability in include/timesheet.php in Ultrize TimeSheet 1.2.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the config[include_dir] parameter. | 6.8 |
2009-08-14 | CVE-2009-2677 | HP | Cross-Site Request Forgery (CSRF) vulnerability in HP Insight Control Suite FOR Linux Cross-site request forgery (CSRF) vulnerability in HP Insight Control Suite For Linux (aka ICE-LX) before 2.11 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |
2009-08-14 | CVE-2008-6975 | DD WRT | Cross-Site Request Forgery (CSRF) vulnerability in Dd-Wrt 24 Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cgi in DD-WRT 24 sp2 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the ping_ip parameter; (2) change the administrative credentials via the http_username and http_passwd parameters; (3) enable remote administration via the remote_management parameter; or (4) configure port forwarding via certain from, to, ip, and pro parameters. | 6.8 |
2009-08-14 | CVE-2008-6974 | DD WRT | Cross-Site Request Forgery (CSRF) vulnerability in Dd-Wrt Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cgi in DD-WRT 24 sp1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the ping_ip parameter; (2) change the administrative credentials via the http_username and http_passwd parameters; (3) enable remote administration via the remote_management parameter; or (4) configure port forwarding via certain from, to, ip, and pro parameters. | 6.8 |
2009-08-12 | CVE-2008-6949 | Collabtive | Cross-Site Request Forgery (CSRF) vulnerability in Collabtive 0.4.8 Multiple cross-site request forgery (CSRF) vulnerabilities in Collabtive 0.4.8 allow remote attackers to hijack the authentication of administrators for requests that (1) submit or edit a new project, or (2) upload files to a project, or (3) attach files to messages via unknown vectors. | 6.8 |
2009-08-11 | CVE-2009-2735 | SUN Jester | SQL Injection vulnerability in Sun-Jester Opennews 1.0 SQL injection vulnerability in admin.php in sun-jester OpenNews 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. | 6.8 |
2009-08-10 | CVE-2009-2718 | SUN X ORG | Permissions, Privileges, and Access Controls vulnerability in SUN Java SE 6 The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on X11 does not impose the intended constraint on distance from the window border to the Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an untrusted applet. | 6.8 |
2009-08-10 | CVE-2009-2717 | SUN Microsoft | Permissions, Privileges, and Access Controls vulnerability in SUN Java SE The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on Windows 2000 Professional does not provide a Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an untrusted applet. | 6.8 |
2009-08-10 | CVE-2008-6926 | Cpanel Netenberg | Path Traversal vulnerability in Netenberg Fantastico DE Luxe Directory traversal vulnerability in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the scriptpath_show parameter in a GoAhead action. | 6.8 |
2009-08-10 | CVE-2008-6918 | Theportal2 PL | Permissions, Privileges, and Access Controls vulnerability in Theportal2.Pl Theportal2 2.2 Unrestricted file upload vulnerability in admin/galeria.php in ThePortal2 2.2 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in galeria/. | 6.8 |
2009-08-13 | CVE-2009-2093 | IBM | SQL Injection vulnerability in IBM Websphere Partner Gateway SQL injection vulnerability in the console in IBM WebSphere Partner Gateway (WPG) Enterprise 6.0 before FP8, 6.1 before FP3, 6.1.1 before FP2, and 6.2 before FP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
2009-08-13 | CVE-2009-0906 | IBM | Improper Authentication vulnerability in IBM Websphere Application Server 1.0/1.0.0.2 The Service Component Architecture (SCA) feature pack for IBM WebSphere Application Server (WAS) SCA 1.0 before 1.0.0.3 allows remote authenticated users to bypass intended authentication.transport access restrictions and obtain unspecified access via unknown vectors. | 6.5 |
2009-08-12 | CVE-2008-6958 | Comsenz | Code Injection vulnerability in Comsenz Crossday Discuz! Board 6.0.1/7.0 wap/index.php in Crossday Discuz! Board 6.x and 7.x allows remote authenticated users to execute arbitrary PHP code via the creditsformula parameter. | 6.5 |
2009-08-12 | CVE-2008-6956 | Infireal | Code Injection vulnerability in Infireal Mxcamarchive 2.2 Static code injection vulnerability in admin/admin.php in mxCamArchive 2.2 allows remote authenticated administrators to inject arbitrary PHP code into an unspecified program via the description parameter, which is executed by invocation of index.php. | 6.5 |
2009-08-12 | CVE-2008-6948 | Collabtive | Improper Input Validation vulnerability in Collabtive 0.4.8 Unrestricted file upload vulnerability in Collabtive 0.4.8 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and using a text/plain MIME type, then accessing it via a direct request to the file in files/, related to (1) the showproject action in managefile.php or (2) the Messages feature. | 6.5 |
2009-08-12 | CVE-2008-6944 | Scriptsfeed | Improper Input Validation vulnerability in Scriptsfeed Auto Classifieds Unrestricted file upload vulnerability in ScriptsFeed Auto Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in cars_images/. | 6.5 |
2009-08-12 | CVE-2008-6943 | Scriptsfeed | Improper Input Validation vulnerability in Scriptsfeed Recipes Listing Portal Unrestricted file upload vulnerability in ScriptsFeed Recipes Listing Portal allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a recipe photo, then accessing it via a direct request to the file in pictures/. | 6.5 |
2009-08-12 | CVE-2008-6942 | Scriptsfeed | Improper Input Validation vulnerability in Scriptsfeed Realtor Classifieds System Unrestricted file upload vulnerability in ScriptsFeed Realtor Classifieds System (aka Real Estate Classifieds) allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in re_images/. | 6.5 |
2009-08-11 | CVE-2008-6931 | Phpstore | Permissions, Privileges, and Access Controls vulnerability in PHPstore PHPcareers Unrestricted file upload vulnerability in PHPStore Job Search (aka PHPCareers) allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a resume photo, then accessing it via a direct request to the file in jobseekers/jobseeker_profile_images. | 6.5 |
2009-08-11 | CVE-2008-6930 | Phpstore | Permissions, Privileges, and Access Controls vulnerability in PHPstore Real Estate Unrestricted file upload vulnerability in PHPStore Real Estate allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in realty/re_images/. | 6.5 |
2009-08-11 | CVE-2008-6929 | Phpstore | Permissions, Privileges, and Access Controls vulnerability in PHPstore Auto Classifieds Unrestricted file upload vulnerability in PHPStore Auto Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in cars/cars_images/. | 6.5 |
2009-08-11 | CVE-2008-6928 | Phpstore | Permissions, Privileges, and Access Controls vulnerability in PHPstore Complete Classifieds Unrestricted file upload vulnerability in PHPStore Complete Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in classifieds1/yellow_images/. | 6.5 |
2009-08-11 | CVE-2009-2416 | Xmlsoft Fedoraproject Debian Redhat Canonical Apple Suse Opensuse Vmware SUN | Use After Free vulnerability in multiple products Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. | 6.5 |
2009-08-11 | CVE-2009-2736 | SUN Jester | Code Injection vulnerability in Sun-Jester Opennews 1.0 Static code injection vulnerability in admin.php in sun-jester OpenNews 1.0 allows remote authenticated administrators to inject arbitrary PHP code into config.php via the "Overall Width" field in a setconfig action. | 6.5 |
2009-08-12 | CVE-2009-2199 | Apple | Unspecified vulnerability in Apple Safari Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, via unspecified homoglyphs. | 5.8 |
2009-08-11 | CVE-2009-2737 | Toni Mueller | Permissions, Privileges, and Access Controls vulnerability in Toni Mueller Roundup The EditCSVAction function in cgi/actions.py in Roundup 1.2 before 1.2.1, 1.4 through 1.4.6, and possibly other versions does not properly check permissions, which allows remote authenticated users with edit or create privileges for a class to modify arbitrary items within that class, as demonstrated by editing all queries, modifying settings, and adding roles to users. | 5.5 |
2009-08-14 | CVE-2009-2764 | Microsoft | Denial of Service vulnerability in Microsoft Internet Explorer 8 Microsoft Internet Explorer 8.0.7100.0 on Windows 7 RC on the x64 platform allows remote attackers to cause a denial of service (application crash) via a certain DIV element in conjunction with SCRIPT elements that have empty contents and no reference to a valid external script location. | 5.0 |
2009-08-13 | CVE-2009-2091 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server The System Management/Repository component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 on z/OS uses weak file permissions for new applications, which allows remote attackers to obtain sensitive information via unspecified vectors. | 5.0 |
2009-08-13 | CVE-2009-2090 | IBM | Unspecified vulnerability in IBM Websphere Application Server Unspecified vulnerability in wsadmin in the System Management/Repository component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 allows remote attackers to bypass intended Java Management Extensions (JMX) Management Beans (aka MBeans) access restrictions, and cause a denial of service (daemon stop), via unknown vectors. | 5.0 |
2009-08-13 | CVE-2008-6967 | ALT N | Unspecified vulnerability in Alt-N Mdaemon and Worldclient Multiple unspecified vulnerabilities in WorldClient in Alt-N MDaemon before 10.02 have unknown impact and attack vectors, probably related to cross-site scripting (XSS) and WorldClient DLL 10.0.1, a different vulnerability than CVE-2008-6893. | 5.0 |
2009-08-12 | CVE-2009-2196 | Apple Microsoft | Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote web servers to place an arbitrary web site in the Top Sites view, and possibly conduct phishing attacks, via unknown vectors. | 5.0 |
2009-08-12 | CVE-2008-6960 | X10Media | Permissions, Privileges, and Access Controls vulnerability in X10Media X10 Automatic MP3 Script 1.5.5/1.6 download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 through 1.6 allows remote attackers to read arbitrary files via an encoded url parameter, as demonstrated by obtaining database credentials from includes/constants.php. | 5.0 |
2009-08-11 | CVE-2008-6933 | Minigal | Path Traversal vulnerability in Minigal B13 Directory traversal vulnerability in index.php in MiniGal b13 (aka MG2) allows remote attackers to read the source code of .php files, and possibly the content of other files, via a .. | 5.0 |
2009-08-10 | CVE-2009-2720 | SUN | Unspecified vulnerability in SUN Java SE Unspecified vulnerability in the javax.swing.plaf.synth.SynthContext.isSubregion method in the Swing implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service (NullPointerException in the Jemmy library) via unknown vectors. | 5.0 |
2009-08-10 | CVE-2009-2719 | SUN | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SUN Java SE The Java Web Start implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service (NullPointerException) via a crafted .jnlp file, as demonstrated by the jnlp_file/appletDesc/index.html#misc test in the Technology Compatibility Kit (TCK) for the Java Network Launching Protocol (JNLP). | 5.0 |
2009-08-10 | CVE-2009-2690 | SUN | Permissions, Privileges, and Access Controls vulnerability in SUN Java SE and Openjdk The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants read access to private variables with unspecified names, which allows context-dependent attackers to obtain sensitive information via an untrusted (1) applet or (2) application. | 5.0 |
2009-08-12 | CVE-2009-1427 | HP | Local Denial Of Service vulnerability in HP Hpux B.11.31 Unspecified vulnerability in HP-UX B.11.31 allows local users to cause a denial of service (system crash) via unknown vectors related to the ttrace system call. | 4.9 |
2009-08-14 | CVE-2009-2778 | Garagesalesjunkie | Cross-Site Scripting vulnerability in Garagesalesjunkie Garagesales Script Cross-site scripting (XSS) vulnerability in visitor/view.php in GarageSales Script allows remote attackers to inject arbitrary web script or HTML via the key parameter. | 4.3 |
2009-08-14 | CVE-2009-2772 | Realtysoft | Cross-Site Scripting vulnerability in Realtysoft PG Roomate Finder Solution Multiple cross-site scripting (XSS) vulnerabilities in PG Roommate Finder Solution allow remote attackers to inject arbitrary web script or HTML via the part parameter to (1) quick_search.php and (2) viewprofile.php. | 4.3 |
2009-08-14 | CVE-2009-2771 | Freearcadescript | Cross-Site Scripting vulnerability in Freearcadescript Free Arcade Script 1.3 Cross-site scripting (XSS) vulnerability in Free Arcade Script 1.3 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter to the default URI under search/. | 4.3 |
2009-08-13 | CVE-2008-6969 | Pentasoft Corp | Cross-Site Scripting vulnerability in Pentasoft Corp. Avactis Shopping Cart 1.8.0/1.8.1 Multiple cross-site scripting (XSS) vulnerabilities in checkout.php in Avactis Shopping Cart 1.8.0 and 1.8.1 allow remote attackers to inject arbitrary web script or HTML via the (1) step_id and (2) CHECKOUT_CZ_BLOWFISH_KEY parameters. | 4.3 |
2009-08-13 | CVE-2008-6961 | Mozilla | Information Exposure vulnerability in Mozilla Seamonkey and Thunderbird mailnews in Mozilla Thunderbird before 2.0.0.18 and SeaMonkey before 1.1.13, when JavaScript is enabled in mail, allows remote attackers to obtain sensitive information about the recipient, or comments in forwarded mail, via script that reads the (1) .documentURI or (2) .textContent DOM properties. | 4.3 |
2009-08-12 | CVE-2008-6946 | Collabtive | Cross-Site Scripting vulnerability in Collabtive 0.4.8 Cross-site scripting (XSS) vulnerability in manageproject.php in Collabtive 0.4.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via the project Name, which is not properly handled when the administrator performs an editform action, related to admin.php. | 4.3 |
2009-08-12 | CVE-2008-6945 | Icdevgroup | Cross-Site Scripting vulnerability in Icdevgroup Interchange Multiple cross-site scripting (XSS) vulnerabilities in Interchange 5.7 before 5.7.1, 5.6 before 5.6.1, and 5.4 before 5.4.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mv_order_item CGI variable parameter in Core, (2) the country-select widget, or (3) possibly the value specifier when used in the UserTag feature. | 4.3 |
2009-08-11 | CVE-2008-6938 | Holger Zimmermann | Improper Input Validation vulnerability in Holger Zimmermann Pi3Web Pi3Web 2.0.3 before PL2, when installed on Windows as a desktop application and without using the Pi3Web/Conf/Intenet.pi3, allows remote attackers to cause a denial of service (crash or hang) and obtain the full pathname of the server via a request to a file in the ISAPI directory that is not an executable DLL, which triggers the crash when the DLL load fails, as demonstrated using Isapi\users.txt. | 4.3 |
2009-08-11 | CVE-2009-2739 | Freenas | Cross-Site Scripting vulnerability in Freenas 0.686.3/0.686.4/0.69 Cross-site scripting (XSS) vulnerability in FreeNAS before 0.69.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 4.3 |
2009-08-11 | CVE-2009-2738 | Freenas | Cross-Site Scripting vulnerability in Freenas 0.69.1 Cross-site request forgery (CSRF) vulnerability in the WebGUI in FreeNAS before 0.7RC1 allows remote attackers to hijack the authentication of users for unspecified requests via unknown vectors. | 4.3 |
2009-08-11 | CVE-2009-1885 | Apache | Buffer Errors vulnerability in Apache Xerces-C++ 2.7.0/2.8.0 Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework. | 4.3 |
2009-08-10 | CVE-2008-6927 | Cpanel | Cross-Site Scripting vulnerability in Cpanel Multiple cross-site scripting (XSS) vulnerabilities in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allow remote attackers to inject arbitrary web script or HTML via the (1) localapp, (2) updatedir, (3) scriptpath_show, (4) domain_show, (5) thispage, (6) thisapp, and (7) currentversion parameters in an Upgrade action. | 4.3 |
2009-08-10 | CVE-2008-6925 | Zenphoto | Cross-Site Scripting vulnerability in Zenphoto 1.1.7 Cross-site scripting (XSS) vulnerability in function.php in Zenphoto 1.1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the "request logging" feature. | 4.3 |
2009-08-10 | CVE-2008-6924 | Intelliants | Cross-Site Scripting vulnerability in Intelliants Esyndicat 2.2 Multiple cross-site scripting (XSS) vulnerabilities in register.php in eSyndiCat Directory 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) email, (3) password, (4) password2, (5) security_code, and (6) register parameters. | 4.3 |
5 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-08-13 | CVE-2008-6972 | Drupal Karen Stevenson Yves Chedemois | Cross-Site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in Drupal Content Construction Kit (CCK) 5.x through 5.x-1.8 allow remote authenticated users with "administer content" permissions to inject arbitrary web script or HTML via the (1) "field label," (2) "help text," or (3) "allowed values" settings. | 3.5 |
2009-08-12 | CVE-2009-1536 | Microsoft | Improper Input Validation vulnerability in Microsoft .Net Framework, Windows Server 2008 and Windows Vista ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability." | 2.6 |
2009-08-13 | CVE-2009-2089 | IBM | Configuration vulnerability in IBM Websphere Application Server The Migration component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when tracing is enabled and a 6.1 to 7.0 migration has occurred, allows remote authenticated users to obtain sensitive information by reading a Migration Trace file. | 2.1 |
2009-08-13 | CVE-2009-2087 | IBM | Credentials Management vulnerability in IBM Websphere Application Server The Web Services functionality in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, in certain circumstances involving the ibm-webservicesclient-bind.xmi file and custom password encryption, uses weak password obfuscation, which allows local users to cause a denial of service (deployment failure) via unspecified vectors. | 2.1 |
2009-08-13 | CVE-2009-2094 | IBM | Unspecified vulnerability in IBM Websphere Commerce Unspecified vulnerability in IBM WebSphere Commerce 6.0 Enterprise before 6.0.0.8, when trace is enabled, allows local users to obtain sensitive information via unknown vectors. | 1.5 |