Weekly Vulnerabilities Reports > August 17 to 23, 2009

Overview

142 new vulnerabilities reported during this period, including 15 critical vulnerabilities and 46 high severity vulnerabilities. This weekly summary report vulnerabilities in 133 products from 113 vendors including Adobe, Phpscriptsnow, Google, Linux, and Wordpress. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", and "Path Traversal".

  • 131 reported vulnerabilities are remotely exploitables.
  • 59 reported vulnerabilities have public exploit available.
  • 76 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 134 reported vulnerabilities are exploitable by an anonymous user.
  • Adobe has the most reported vulnerabilities, with 8 reported vulnerabilities.
  • Google has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

15 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-08-21 CVE-2008-7023 Arubanetworks Cryptographic Issues vulnerability in Arubanetworks Aruba Mobility Controller and Arubaos

Aruba Mobility Controller running ArubaOS 3.3.1.16, and possibly other versions, installs the same default X.509 certificate for all installations, which allows remote attackers to bypass authentication.

10.0
2009-08-21 CVE-2009-2694 Adium
Pidgin
Resource Management Errors vulnerability in multiple products

The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location.

10.0
2009-08-19 CVE-2008-7010 Skalinks Permissions, Privileges, and Access Controls vulnerability in Skalinks Exchange Script 1.5

Skalfa Software SkaLinks Exchange Script 1.5 allows remote attackers to add new administrators and gain privileges via a direct request to admin/register.php.

10.0
2009-08-19 CVE-2008-7004 Elog Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Elog

Buffer overflow in Electronic Logbook (ELOG) before 2.7.1 has unknown impact and attack vectors, possibly related to elog.c.

10.0
2009-08-19 CVE-2008-6993 Siemens Cryptographic Issues vulnerability in Siemens Gigaset Wlan Camera 1.27

Siemens Gigaset WLAN Camera 1.27 has an insecure default password, which allows remote attackers to conduct unauthorized activities.

10.0
2009-08-18 CVE-2009-2853 Wordpress Permissions, Privileges, and Access Controls vulnerability in Wordpress

Wordpress before 2.8.3 allows remote attackers to gain privileges via a direct request to (1) admin-footer.php, (2) edit-category-form.php, (3) edit-form-advanced.php, (4) edit-form-comment.php, (5) edit-link-category-form.php, (6) edit-link-form.php, (7) edit-page-form.php, and (8) edit-tag-form.php in wp-admin/.

10.0
2009-08-21 CVE-2009-2934 Programmedintegration Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Programmedintegration Pipl 2.5.0/2.5.0D

Multiple stack-based buffer overflows in xaudio.dll in Programmed Integration PIPL 2.5.0 and 2.5.0D allow remote attackers to execute arbitrary code via a long string in a (1) .pls or (2) .pl playlist file.

9.3
2009-08-21 CVE-2008-7022 Chilkatsoft Remote Security vulnerability in Chilkatsoft Chilkat Imap Activex Control 7.9

Insecure method vulnerability in ChilkatMail_v7_9.dll in the Chilkat Software IMAP ActiveX control (ChilkatMail2.ChilkatMailMan2.1) allows remote attackers to execute arbitrary programs via the LoadXmlEmail method.

9.3
2009-08-21 CVE-2009-2916 2Kgames USE of Externally-Controlled Format String vulnerability in 2Kgames Vietcong 2

Format string vulnerability in the CNS_AddTxt function in logs.dll in 2K Games Vietcong 2 1.10 and earlier might allow remote attackers to execute arbitrary code via format string specifiers in the nickname.

9.3
2009-08-20 CVE-2009-2896 KDE Buffer Errors vulnerability in KDE Kmplayer 2.9.3.1210

Buffer overflow in KMplayer 2.9.4.1433 and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long string in a subtitle (.srt) playlist file.

9.3
2009-08-19 CVE-2009-2627 Acer Code Injection vulnerability in Acer Lunchapp.Aplunch

Insecure method vulnerability in the Acer LunchApp (aka AcerCtrls.APlunch) ActiveX control in acerctrl.ocx allows remote attackers to execute arbitrary commands via the Run method, a different vulnerability than CVE-2006-6121.

9.3
2009-08-19 CVE-2008-6998 Google Buffer Errors vulnerability in Google Chrome 0.2.149.27

Stack-based buffer overflow in chrome/common/gfx/url_elider.cc in Google Chrome 0.2.149.27 and other versions before 0.2.149.29 might allow user-assisted remote attackers to execute arbitrary code via a link target (href attribute) with a large number of path elements, which triggers the overflow when the status bar is updated after the user hovers over the link.

9.3
2009-08-19 CVE-2008-6994 Google Buffer Errors vulnerability in Google Chrome 0.2.149.27

Stack-based buffer overflow in the SaveAs feature (SaveFileAsWithFilter function) in win_util.cc in Google Chrome 0.2.149.27 allows user-assisted remote attackers to execute arbitrary code via a web page with a long TITLE element, which triggers the overflow when the user saves the page and a long filename is generated.

9.3
2009-08-18 CVE-2009-2850 Nasa Goddard Space Flight Center Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nasa Goddard Space Flight Center Common Data Format

Multiple buffer overflows in NASA Common Data Format (CDF) allow context-dependent attackers to execute arbitrary code, as demonstrated using (1) an array index error in the ReadAEDRList64 function, and other errors in the (2) SearchForRecord_r_64, (3) LastRecord64, (4) CDFsel64, and other unspecified functions.

9.3
2009-08-17 CVE-2009-2784 Ditcms Path Traversal vulnerability in Ditcms Dit.Cms 1.3

Multiple directory traversal vulnerabilities in dit.cms 1.3, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a ..

9.3

46 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-08-21 CVE-2009-2931 Slideshowpro Path Traversal vulnerability in Slideshowpro Director

Directory traversal vulnerability in p.php in SlideShowPro Director 1.1 through 1.3.8 allows remote attackers to read arbitrary files via directory traversal sequences in the a parameter.

7.8
2009-08-21 CVE-2009-2925 Djcalendar Path Traversal vulnerability in Djcalendar

Directory traversal vulnerability in DJcalendar.cgi in DJCalendar allows remote attackers to read arbitrary files via a ..

7.8
2009-08-21 CVE-2009-2922 Pixaria Path Traversal vulnerability in Pixaria Gallery 2.0.0/2.3.5

Absolute path traversal vulnerability in pixaria.image.php in Pixaria Gallery 2.0.0 through 2.3.5 allows remote attackers to read arbitrary files via a base64-encoded file parameter.

7.8
2009-08-21 CVE-2009-0638 Cisco Remote Denial of Service vulnerability in Cisco Firewall Services Module ICMP Packet

The Cisco Firewall Services Module (FWSM) 2.x, 3.1 before 3.1(16), 3.2 before 3.2(13), and 4.0 before 4.0(6) for Cisco Catalyst 6500 switches and Cisco 7600 routers allows remote attackers to cause a denial of service (traffic-handling outage) via a series of malformed ICMP messages.

7.8
2009-08-19 CVE-2008-7012 Accellion Unspecified vulnerability in Accellion Secure File Transfer Appliance 70135

courier/1000@/api_error_email.html (aka "error reporting page") in Accellion File Transfer Appliance FTA_7_0_178, and possibly other versions before FTA_7_0_189, allows remote attackers to send spam e-mail via modified description and client_email parameters.

7.8
2009-08-18 CVE-2009-2846 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

The eisa_eeprom_read function in the parisc isa-eeprom component (drivers/parisc/eisa_eeprom.c) in the Linux kernel before 2.6.31-rc6 allows local users to access restricted memory via a negative ppos argument, which bypasses a check that assumes that ppos is positive and causes an out-of-bounds read in the readb function.

7.8
2009-08-18 CVE-2009-2844 Linux Resource Management Errors vulnerability in Linux Kernel and Linux Kernel

cfg80211 in net/wireless/scan.c in the Linux kernel 2.6.30-rc1 and other versions before 2.6.31-rc6 allows remote attackers to cause a denial of service (crash) via a sequence of beacon frames in which one frame omits an SSID Information Element (IE) and the subsequent frame contains an SSID IE, which triggers a NULL pointer dereference in the cmp_ies function.

7.8
2009-08-21 CVE-2009-2933 Piwigo SQL Injection vulnerability in Piwigo

SQL injection vulnerability in comments.php in Piwigo before 2.0.3 allows remote attackers to execute arbitrary SQL commands via the items_number parameter.

7.5
2009-08-21 CVE-2009-2929 TGS CMS SQL Injection vulnerability in Tgs-Cms TGS Content Management

Multiple SQL injection vulnerabilities in TGS Content Management 0.x allow remote attackers to execute arbitrary SQL commands via the (1) tgs_language_id, (2) tpl_dir, (3) referer, (4) user-agent, (5) site, (6) option, (7) db_optimization, (8) owner, (9) admin_email, (10) default_language, and (11) db_host parameters to cms/index.php; and the (12) cmd, (13) s_dir, (14) minutes, (15) s_mask, (16) test3_mp, (17) test15_file1, (18) submit, (19) brute_method, (20) ftp_server_port, (21) userfile14, (22) subj, (23) mysql_l, (24) action, and (25) userfile1 parameters to cms/frontpage_ception.php.

7.5
2009-08-21 CVE-2009-2927 Digitalspinners SQL Injection vulnerability in Digitalspinners DS CMS 1.0

SQL injection vulnerability in DetailFile.php in DigitalSpinners DS CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the nFileId parameter.

7.5
2009-08-21 CVE-2009-2926 Phpcompet Free SQL Injection vulnerability in PHPcompet.Free PHP Competition System 0.84

Multiple SQL injection vulnerabilities in PHP Competition System BETA 0.84 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) day parameter to show_matchs.php and (2) pageno parameter to persons.php.

7.5
2009-08-21 CVE-2008-7028 Aves Improper Authentication vulnerability in Aves RPG Board 0.0.8/0.8

RPG.Board 0.8 Beta2 and earlier allows remote attackers to bypass authentication and gain privileges by setting the keep4u cookie to a certain value.

7.5
2009-08-21 CVE-2008-7027 Libra File Manager Improper Authentication vulnerability in Libra File Manager PHP Filemanager

Libra File Manager 1.18 and earlier allows remote attackers to bypass authentication and gain privileges by setting the user and pass cookies to 1.

7.5
2009-08-21 CVE-2008-7019 Esqlanelapse Improper Authentication vulnerability in Esqlanelapse 2.6.1/2.6.2

Esqlanelapse 2.6.1 and 2.6.2 allows remote attackers to bypass authentication and gain privileges via modified (1) enombre and (2) euri cookies.

7.5
2009-08-21 CVE-2009-2924 Videosbroadcastyourself SQL Injection vulnerability in Videosbroadcastyourself Videos Broadcast Yourself 2

Multiple SQL injection vulnerabilities in Videos Broadcast Yourself 2 allow remote attackers to execute arbitrary SQL commands via the (1) UploadID parameter to videoint.php, and possibly the (2) cat_id parameter to catvideo.php and (3) uid parameter to cviewchannels.php.

7.5
2009-08-21 CVE-2009-2921 Mocdesigns SQL Injection vulnerability in Mocdesigns PHP News 1.1

Multiple SQL injection vulnerabilities in login.php in MOC Designs PHP News 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) newsuser parameter (User field) and (2) newspassword parameter (Password field).

7.5
2009-08-21 CVE-2009-2915 2Fly SQL Injection vulnerability in 2Fly Gift Delivery System 6.0

SQL injection vulnerability in 2fly_gift.php in 2FLY Gift Delivery System 6.0 allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a content action.

7.5
2009-08-20 CVE-2009-2895 Phpsugar SQL Injection vulnerability in PHPsugar Ultimate Regnow Affiliate 3.0

SQL injection vulnerability in rss.php in Ultimate Regnow Affiliate (URA) 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter.

7.5
2009-08-20 CVE-2009-2894 Clone2009 SQL Injection vulnerability in Clone2009 Ebay Clone 2009

Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to product_desc.php, and the cid parameter to (2) showcategory.php and (3) gallery.php.

7.5
2009-08-20 CVE-2009-2892 Scripteen SQL Injection vulnerability in Scripteen Free Image Hosting Script 2.3

Multiple SQL injection vulnerabilities in header.php in Scripteen Free Image Hosting Script 2.3 allow remote attackers to execute arbitrary SQL commands via a (1) cookid or (2) cookgid cookie.

7.5
2009-08-20 CVE-2009-2891 Phpscriptsnow SQL Injection vulnerability in PHPscriptsnow Riddles

SQL injection vulnerability in list.php in PHP Scripts Now Riddles allows remote attackers to execute arbitrary SQL commands via the catid parameter.

7.5
2009-08-20 CVE-2009-2888 Phpscriptsnow SQL Injection vulnerability in PHPscriptsnow Hangman

SQL injection vulnerability in index.php in PHP Scripts Now Hangman allows remote attackers to execute arbitrary SQL commands via the n parameter.

7.5
2009-08-20 CVE-2009-2886 Phpscriptsnow SQL Injection vulnerability in PHPscriptsnow President Bios

SQL injection vulnerability in bios.php in PHP Scripts Now President Bios allows remote attackers to execute arbitrary SQL commands via the rank parameter.

7.5
2009-08-20 CVE-2009-2885 Phpscriptsnow SQL Injection vulnerability in PHPscriptsnow World'S Tallest Buildings

SQL injection vulnerability in bios.php in PHP Scripts Now World's Tallest Buildings allows remote attackers to execute arbitrary SQL commands via the rank parameter.

7.5
2009-08-20 CVE-2009-2881 Artis Imag SQL Injection vulnerability in Artis.Imag Basilic 1.5.13

Multiple SQL injection vulnerabilities in Basilic 1.5.13 allow remote attackers to execute arbitrary SQL commands via the idAuthor parameter to (1) index.php and possibly (2) allpubs.php in publications/.

7.5
2009-08-19 CVE-2008-7007 Phpversion Improper Authentication vulnerability in PHPversion PHP VX Guestbook 1.06

Free PHP VX Guestbook 1.06 allows remote attackers to bypass authentication and gain administrative access by setting the (1) admin_name and (2) admin_pass cookie values to 1.

7.5
2009-08-19 CVE-2008-7005 Minb Code Injection vulnerability in Minb IS NOT A Blog 0.1.0

include/modules/top/1-random_quote.php in Minb Is Not a Blog (minb) 0.1.0 allows remote attackers to execute arbitrary PHP code via the quotes_to_edit parameter.

7.5
2009-08-19 CVE-2008-7003 THE RAT CMS SQL Injection vulnerability in The-Rat-Cms Alpha2

Multiple SQL injection vulnerabilities in login.php in The Rat CMS Alpha 2 allow remote attackers to execute arbitrary SQL commands via the (1) user_id and (2) password parameter.

7.5
2009-08-19 CVE-2008-7001 Creative Mind Unspecified vulnerability in Creative Mind Creator CMS 5.0

Unrestricted file upload vulnerability in the file manager in Creative Mind Creator CMS 5.0 allows remote attackers to execute arbitrary code via unknown vectors.

7.5
2009-08-19 CVE-2008-7000 Phpauction Code Injection vulnerability in PHPauction 3.2

PHP remote file inclusion vulnerability in index.php in PHPAuction 3.2 allows remote attackers to execute arbitrary PHP code via a URL in the lan parameter.

7.5
2009-08-19 CVE-2008-6992 Greensql SQL Injection vulnerability in Greensql Firewall 0.3.4/0.3.5/0.8.2

GreenSQL Firewall (greensql-fw), possibly before 0.9.2 or 0.9.4, allows remote attackers to bypass the SQL injection protection mechanism via a WHERE clause containing an expression such as "x=y=z", which is successfully parsed by MySQL.

7.5
2009-08-19 CVE-2008-6991 Cmsbright SQL Injection vulnerability in Cmsbright

SQL injection vulnerability in public/page.php in Websens CMSbright allows remote attackers to execute arbitrary SQL commands via the id_rub_page parameter.

7.5
2009-08-19 CVE-2008-6990 Ezphotogallery SQL Injection vulnerability in Ezphotogallery 2.1

SQL injection vulnerability in gallery.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 allows remote attackers to execute arbitrary SQL commands via the password parameter.

7.5
2009-08-19 CVE-2008-6989 Ezphotogallery SQL Injection vulnerability in Ezphotogallery 2.1

SQL injection vulnerability in gallery.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 allows remote attackers to execute arbitrary SQL commands via the username parameter.

7.5
2009-08-19 CVE-2008-6987 Ezonescripts Remote File Upload vulnerability in eZoneScripts Dating Website

Unrestricted file upload vulnerability in eZoneScripts Dating Website script allows remote attackers to execute arbitrary code via unknown vectors.

7.5
2009-08-19 CVE-2008-6983 Devalcms Code Injection vulnerability in Devalcms 1.4A

modules/tool/hitcounter.php in devalcms 1.4a allows remote attackers to execute arbitrary PHP code via the HTTP Referer header with a target file specified in the gv_folder_data parameter, as demonstrated by modifying modules/tool/url2header.php.

7.5
2009-08-19 CVE-2008-6980 Phpadultsite SQL Injection vulnerability in PHPadultsite CMS 2.3.2

SQL injection vulnerability in as_archives.php in phpAdultSite CMS, possibly 2.3.2, allows remote attackers to execute arbitrary SQL commands via the results_per_page parameter to index.php.

7.5
2009-08-17 CVE-2009-2792 Joshua Oliver Path Traversal vulnerability in Joshua Oliver Really Simple CMS 0.3A

Directory traversal vulnerability in plugings/pagecontent.php in Really Simple CMS (RSCMS) 0.3a allows remote attackers to include and execute arbitrary local files via a ..

7.5
2009-08-17 CVE-2009-2791 Webdynamite Code Injection vulnerability in Webdynamite Projectbutler 1.5.0

PHP remote file inclusion vulnerability in pda_projects.php in WebDynamite ProjectButler 1.5.0 allows remote attackers to execute arbitrary PHP code via a URL in the offset parameter.

7.5
2009-08-17 CVE-2009-2790 Softbiz SQL Injection vulnerability in Softbiz Dating Script

SQL injection vulnerability in cat_products.php in SoftBiz Dating Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.

7.5
2009-08-17 CVE-2009-2789 Joomla
Permis
SQL Injection vulnerability in Permis COM Groups

SQL injection vulnerability in the Permis (com_groups) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a list action to index.php.

7.5
2009-08-17 CVE-2009-2788 Mobilelib SQL Injection vulnerability in Mobilelib Gold 3

Multiple SQL injection vulnerabilities in Mobilelib GOLD 3 allow remote attackers to execute arbitrary SQL commands via the (1) adminName parameter to cp/auth.php, (2) cid parameter to artcat.php, and (3) catid parameter to show.php.

7.5
2009-08-17 CVE-2009-2786 Punbb
Reputation
SQL Injection vulnerability in Reputation 2.0.4/2.2.3

SQL injection vulnerability in reputation.php in the Reputation plugin 2.2.4, 2.2.3, 2.0.4, and earlier for PunBB allows remote attackers to execute arbitrary SQL commands via the poster parameter.

7.5
2009-08-17 CVE-2009-2782 Joomla
Jfusion
SQL Injection vulnerability in Jfusion COM Jfusion

SQL injection vulnerability in the JFusion (com_jfusion) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.

7.5
2009-08-17 CVE-2009-2779 Ajsquare SQL Injection vulnerability in Ajsquare AJ Matrix DNA

SQL injection vulnerability in index.php in AJ Matrix DNA allows remote attackers to execute arbitrary SQL commands via the id parameter in a productdetail action.

7.5
2009-08-19 CVE-2008-7002 PHP Permissions, Privileges, and Access Controls vulnerability in PHP 5.2.5

PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir restrictions for certain functions, which might allow local users to bypass intended access restrictions and call programs outside of the intended directory via the (1) exec, (2) system, (3) shell_exec, (4) passthru, or (5) popen functions, possibly involving pathnames such as "C:" drive notation.

7.2

73 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-08-19 CVE-2008-7009 Checkpoint Buffer Errors vulnerability in Checkpoint Zonealarm 7.0.483.000/8.0.020.000

Buffer overflow in multiscan.exe in Check Point ZoneAlarm Security Suite 7.0.483.000 and 8.0.020.000 allows local users to execute arbitrary code via a file or directory with a long path.

6.9
2009-08-21 CVE-2008-7026 Efrontlearning Permissions, Privileges, and Access Controls vulnerability in Efrontlearning Efront

Unrestricted file upload vulnerability in filesystem3.class.php in eFront 3.5.1 build 2710 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension as an avatar, then accessing it via a direct request to the file in (1) student/avatars/ or (2) professor/avatars/.

6.8
2009-08-21 CVE-2008-7024 Arzdev Permissions, Privileges, and Access Controls vulnerability in Arzdev Gemini Lite and Gemini Portal

admin.php in Arz Development The Gemini Portal 4.7 and earlier allows remote attackers to bypass authentication and gain administrator privileges by setting the user cookie to "admin" and setting the name parameter to "users."

6.8
2009-08-21 CVE-2008-7016 Luke Mewburn Cross-Site Request Forgery (CSRF) vulnerability in Luke Mewburn Tnftpd 20040810/20061217/20080609

tnftpd before 20080929 splits large command strings into multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unknown vectors, probably involving a crafted ftp:// link to a tnftpd server.

6.8
2009-08-20 CVE-2009-2883 Arabless SQL Injection vulnerability in Arabless Saphplesson 4.0

SQL injection vulnerability in admin/login.php in SaphpLesson 4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cp_username parameter, related to an error in the CleanVar function in includes/functions.php.

6.8
2009-08-19 CVE-2008-6986 ZEN Cart SQL Injection vulnerability in Zen-Cart ZEN Cart

SQL injection vulnerability in the actionMultipleAddProduct function in includes/classes/shopping_cart.php in Zen Cart 1.3.0 through 1.3.8a, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the products_id array parameter in a multiple_products_add_product action, a different vulnerability than CVE-2008-6985.

6.8
2009-08-19 CVE-2008-6985 ZEN Cart SQL Injection vulnerability in Zen-Cart ZEN Cart

Multiple SQL injection vulnerabilities in includes/classes/shopping_cart.php in Zen Cart 1.2.0 through 1.3.8a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter when (1) adding or (2) updating the shopping cart.

6.8
2009-08-19 CVE-2008-6978 Fullrevolution Improper Input Validation vulnerability in Fullrevolution Aspwebalbum 3.2

Unrestricted file upload vulnerability in Full Revolution aspWebAlbum 3.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in pics/, related to the uploadmedia action in album.asp.

6.8
2009-08-18 CVE-2009-2852 Ryan Mcgeary
Wordpress
Improper Input Validation vulnerability in Ryan.Mcgeary Wp-Syntax

WP-Syntax plugin 0.9.1 and earlier for Wordpress, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via the test_filter[wp_head] array parameter to test/index.php, which is used in a call to the call_user_func_array function.

6.8
2009-08-17 CVE-2009-2787 Punbb
Reputation
Path Traversal vulnerability in Reputation 2.0.4/2.2.3

Directory traversal vulnerability in include/reputation/rep_profile.php in the Reputation plugin 2.2.4, 2.2.3, 2.0.4, and earlier for PunBB, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a ..

6.8
2009-08-19 CVE-2008-6976 Microtik Improper Input Validation vulnerability in Microtik Routeros

MikroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 allows remote attackers to modify Network Management System (NMS) settings via a crafted SNMP set request.

6.4
2009-08-18 CVE-2009-2854 Wordpress Permissions, Privileges, and Access Controls vulnerability in Wordpress

Wordpress before 2.8.3 does not check capabilities for certain actions, which allows remote attackers to make unauthorized edits or additions via a direct request to (1) edit-comments.php, (2) edit-pages.php, (3) edit.php, (4) edit-category-form.php, (5) edit-link-category-form.php, (6) edit-tag-form.php, (7) export.php, (8) import.php, or (9) link-add.php in wp-admin/.

6.4
2009-08-21 CVE-2008-7021 Availscript Remote File Upload vulnerability in AvailScript Job Portal Script

Unrestricted file upload vulnerability in editlogo.php in AvailScript Jobs Portal Script allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as an image or logo, then accessing it via a direct request to the file in an unspecified directory.

6.0
2009-08-17 CVE-2009-2781 Arabportal SQL Injection vulnerability in Arabportal Arab Portal 2.0.1/2.1/2.2

SQL injection vulnerability in forum.php in Arab Portal 2.x, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the qc parameter in an addcomment action, a different vector than CVE-2006-1666.

6.0
2009-08-18 CVE-2009-2848 Linux
Novell
Opensuse
Suse
Fedoraproject
Canonical
Redhat
Vmware
Improper Privilege Management vulnerability in multiple products

The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit.

5.9
2009-08-21 CVE-2009-2474 Webdav
Webvdav
Apple
Canonical
Fedoraproject
Inadequate Encryption Strength vulnerability in multiple products

neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

5.8
2009-08-19 CVE-2008-6984 Parallels Improper Authentication vulnerability in Parallels Plesk 8.6.0

Plesk 8.6.0, when short mail login names (SHORTNAMES) are enabled, allows remote attackers to bypass authentication and send spam e-mail via a message with (1) a base64-encoded username that begins with a valid shortname, or (2) a username that matches a valid password, as demonstrated using (a) SMTP and qmail, and (b) Courier IMAP and POP3.

5.8
2009-08-18 CVE-2009-1878 Adobe Improper Authentication vulnerability in Adobe Coldfusion

Session fixation vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to hijack web sessions via unspecified vectors.

5.8
2009-08-21 CVE-2009-2923 Bitmixsoft Path Traversal vulnerability in Bitmixsoft PHP-Lance 1.52

Multiple directory traversal vulnerabilities in BitmixSoft PHP-Lance 1.52 allow remote attackers to read arbitrary files via a ..

5.0
2009-08-21 CVE-2009-2732 Ntop Buffer Errors vulnerability in Ntop 3.3.10

The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an Authorization HTTP header that lacks a : (colon) character in the base64-decoded string.

5.0
2009-08-19 CVE-2009-2860 IBM Unspecified vulnerability in IBM DB2 8.1

Unspecified vulnerability in db2jds in IBM DB2 8.1 before FP18 allows remote attackers to cause a denial of service (service crash) via "malicious packets."

5.0
2009-08-19 CVE-2009-2858 IBM Resource Management Errors vulnerability in IBM DB2 8.1

Memory leak in the Security component in IBM DB2 8.1 before FP18 on Unix platforms allows attackers to cause a denial of service (memory consumption) via unspecified vectors, related to private memory within the DB2 memory structure.

5.0
2009-08-19 CVE-2009-2740 CA Resource Management Errors vulnerability in CA Host-Based Intrusion Prevention System 8.1

kmxIds.sys before 7.3.1.18 in CA Host-Based Intrusion Prevention System (HIPS) 8.1 allows remote attackers to cause a denial of service (system crash) via a malformed packet.

5.0
2009-08-19 CVE-2008-7015 Epic Games
Frontlines
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Unreal engine 3, as used in Unreal Tournament 3 1.3, Frontlines: Fuel of War 1.1.1, and other products, allows remote attackers to cause a denial of service (server exit) via a packet with a large length value that triggers a memory allocation failure.

5.0
2009-08-19 CVE-2008-7014 Fhttpd Remote Denial Of Service vulnerability in Fhttpd 0.4.2

fhttpd 0.4.2 allows remote attackers to cause a denial of service (crash) via an Authorization HTTP header with an invalid character after the Basic value.

5.0
2009-08-19 CVE-2008-7013 Baidu Numeric Errors vulnerability in Baidu HI IM

NetService.dll in Baidu Hi IM allows remote servers to cause a denial of service (client crash) via a crafted login response that triggers a divide-by-zero error.

5.0
2009-08-19 CVE-2008-7008 Hyperstop Improper Authentication vulnerability in Hyperstop web Host Directory 1.2

HyperStop Web Host Directory 1.2 allows remote attackers to bypass authentication and download a database backup via a direct request to admin/backup/db.

5.0
2009-08-19 CVE-2008-7006 Phpversion Improper Authentication vulnerability in PHPversion PHP VX Guestbook 1.06

Free PHP VX Guestbook 1.06 allows remote attackers to bypass authentication and download a backup of the database via a direct request to admin/backupdb.php.

5.0
2009-08-19 CVE-2008-6999 Phpauction Information Exposure vulnerability in PHPauction 3.2/3.3.0

phpAuction 3.2, and possibly 3.3.0 GPL Basic edition, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function.

5.0
2009-08-19 CVE-2008-6996 Google Unspecified vulnerability in Google Chrome 0.2.149.27

Google Chrome BETA (0.2.149.27) does not prompt the user before saving an executable file, which makes it easier for remote attackers or malware to cause a denial of service (disk consumption) or exploit other vulnerabilities via a URL that references an executable file, possibly related to the "ask where to save each file before downloading" setting.

5.0
2009-08-19 CVE-2008-6981 Phpadultsite Information Exposure vulnerability in PHPadultsite CMS 2.3.2

index.php in phpAdultSite CMS, possibly 2.3.2, allows remote attackers to obtain the full installation path via an invalid results_per_page parameter, which leaks the path in an error message.

5.0
2009-08-18 CVE-2009-1876 Adobe Unspecified vulnerability in Adobe Coldfusion

Adobe ColdFusion 8.0.1 and earlier might allow attackers to obtain sensitive information via unspecified vectors, related to a "double-encoded null character vulnerability."

5.0
2009-08-18 CVE-2009-2855 Squid Cache Improper Input Validation vulnerability in Squid-Cache Squid 2.7

The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function.

5.0
2009-08-21 CVE-2009-2912 SUN Local Denial Of Service vulnerability in SUN Opensolaris and Solaris

The (1) sendfile and (2) sendfilev functions in Sun Solaris 8 through 10, and OpenSolaris before snv_110, allow local users to cause a denial of service (panic) via vectors related to vnode function calls.

4.9
2009-08-19 CVE-2009-2857 SUN Resource Management Errors vulnerability in SUN Opensolaris and Solaris

The kernel in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_103, does not properly handle interaction between the filesystem and virtual-memory implementations, which allows local users to cause a denial of service (deadlock and system halt) via vectors involving mmap and write operations on the same file.

4.9
2009-08-18 CVE-2009-2847 Linux Unspecified vulnerability in Linux Kernel and Linux Kernel

The do_sigaltstack function in kernel/signal.c in Linux kernel 2.4 through 2.4.37 and 2.6 before 2.6.31-rc5, when running on 64-bit systems, does not clear certain padding bytes from a structure, which allows local users to obtain sensitive information from the kernel stack via the sigaltstack function.

4.9
2009-08-18 CVE-2009-2849 Linux Denial-Of-Service vulnerability in Linux Kernel

The md driver (drivers/md/md.c) in the Linux kernel before 2.6.30.2 might allow local users to cause a denial of service (NULL pointer dereference) via vectors related to "suspend_* sysfs attributes" and the (1) suspend_lo_store or (2) suspend_hi_store functions.

4.7
2009-08-19 CVE-2009-2859 IBM Permissions, Privileges, and Access Controls vulnerability in IBM DB2 8.1

IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access via a das command.

4.6
2009-08-21 CVE-2009-2932 SAP Cross-Site Scripting vulnerability in SAP Netweaver 7.0

Cross-site scripting (XSS) vulnerability in uddiclient/process in the UDDI client in SAP NetWeaver Application Server (Java) 7.0 allows remote attackers to inject arbitrary web script or HTML via the TModel Key field.

4.3
2009-08-21 CVE-2009-2930 Elkagroup Cross-Site Scripting vulnerability in Elkagroup Elkapax CMS

Cross-site scripting (XSS) vulnerability in the Search feature in elka CMS (aka Elkapax) allows remote attackers to inject arbitrary web script or HTML via the q parameter to the default URI.

4.3
2009-08-21 CVE-2009-2928 TGS CMS Cross-Site Scripting vulnerability in Tgs-Cms TGS Content Management

Cross-site scripting (XSS) vulnerability in login.php in TGS Content Management 0.x allows remote attackers to inject arbitrary web script or HTML via the previous_page parameter, a different vector than CVE-2008-6839.

4.3
2009-08-21 CVE-2009-2473 Webdav Resource Management Errors vulnerability in Webdav Neon 0.28.6

neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

4.3
2009-08-21 CVE-2008-7025 Checkpoint Remote Denial of Service vulnerability in Checkpoint Zonealarm 8.0.020.000

TrueVector in Check Point ZoneAlarm 8.0.020.000, with vsmon.exe running, allows remote HTTP proxies to cause a denial of service (crash) and disable the HIDS module via a crafted response.

4.3
2009-08-21 CVE-2008-7018 Nashtech Cross-Site Scripting vulnerability in Nashtech Easy PHP Calendar 6.3.25

Cross-site scripting (XSS) vulnerability in NashTech Easy PHP Calendar 6.3.25 allows remote attackers to inject arbitrary web script or HTML via the Details field (descr parameter) in an Add New Event action in an unspecified request as generated by an add action in index.php.

4.3
2009-08-21 CVE-2008-7017 Cacert Cross-Site Scripting vulnerability in Cacert 20080921

Cross-site scripting (XSS) vulnerability in analyse.php in CAcert 20080921, and possibly other versions before 20080928, allows remote attackers to inject arbitrary web script or HTML via the CN (CommonName) field in the subject of an X.509 certificate.

4.3
2009-08-21 CVE-2009-2920 Elvinbts Cross-Site Scripting vulnerability in Elvinbts 1.2.2

Multiple cross-site scripting (XSS) vulnerabilities in Elvin 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) component and (2) priority parameters to buglist.php; and the (3) Username (4) E-mail, (5) Pass, and (6) Confirm pass fields to createaccount.php.

4.3
2009-08-21 CVE-2009-2917 Imtoo Buffer Errors vulnerability in Imtoo Mpeg Encoder 3.1.53

Stack-based buffer overflow in ImTOO MPEG Encoder 3.1.53 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted string in a (1) .cue or (2) .m3u playlist file.

4.3
2009-08-21 CVE-2009-2914 Xzeroscripts Cross-Site Scripting vulnerability in Xzeroscripts Xzero Community Classifieds

Cross-site scripting (XSS) vulnerability in index.php in XZero Community Classifieds 4.97.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the name of an uploaded file.

4.3
2009-08-21 CVE-2009-2913 Xzeroscripts Cross-Site Scripting vulnerability in Xzeroscripts Xzero Community Classifieds 4.97.8

Cross-site scripting (XSS) vulnerability in index.php in XZero Community Classifieds 4.97.8 allows remote attackers to inject arbitrary web script or HTML via the URI.

4.3
2009-08-20 CVE-2009-2893 Xzeroscripts Cross-Site Scripting vulnerability in Xzeroscripts Xzero Community Classifieds 4.97.8

Multiple cross-site scripting (XSS) vulnerabilities in index.php in XZero Community Classifieds 4.97.8 allow remote attackers to inject arbitrary web script or HTML via (1) the postevent parameter in a post action or (2) the _xzcal_y parameter.

4.3
2009-08-20 CVE-2009-2890 Phpscriptsnow Cross-Site Scripting vulnerability in PHPscriptsnow Riddles

Cross-site scripting (XSS) vulnerability in results.php in PHP Scripts Now Riddles allows remote attackers to inject arbitrary web script or HTML via the searchquery parameter.

4.3
2009-08-20 CVE-2009-2889 Phpscriptsnow Cross-Site Scripting vulnerability in PHPscriptsnow Hangman

Cross-site scripting (XSS) vulnerability in index.php in PHP Scripts Now Hangman allows remote attackers to inject arbitrary web script or HTML via the letters parameter.

4.3
2009-08-20 CVE-2009-2887 Phpscriptsnow Cross-Site Scripting vulnerability in PHPscriptsnow President Bios

Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts Now President Bios allows remote attackers to inject arbitrary web script or HTML via the rank parameter.

4.3
2009-08-20 CVE-2009-2884 Phpscriptsnow Cross-Site Scripting vulnerability in PHPscriptsnow World'S Tallest Buildings

Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts Now World's Tallest Buildings allows remote attackers to inject arbitrary web script or HTML via the rank parameter.

4.3
2009-08-20 CVE-2009-2882 Datingpro Cross-Site Scripting vulnerability in Datingpro Matchmaking

Multiple cross-site scripting (XSS) vulnerabilities in PG MatchMaking allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) browse_ladies.php and (2) browse_men.php, the (3) gender parameter to search.php, and the (4) id parameter to services.php.

4.3
2009-08-19 CVE-2009-2055 Cisco Improper Input Validation vulnerability in Cisco IOS XR

Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009.

4.3
2009-08-19 CVE-2009-1884 Bzip
Perl
Numeric Errors vulnerability in Bzip Compress-Raw-Bzip2

Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw-Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or crash) via a crafted bzip2 compressed stream that triggers a buffer overflow, a related issue to CVE-2009-1391.

4.3
2009-08-19 CVE-2008-6997 Google Remote Denial of Service vulnerability in Google Chrome 0.2.149.27

Google Chrome 0.2.149.27 allows user-assisted remote attackers to cause a denial of service (browser crash) via an IMG tag with a long src attribute, which triggers the crash when the victim performs an "Inspect Element" action.

4.3
2009-08-19 CVE-2008-6995 Google Numeric Errors vulnerability in Google Chrome 0.2.149.27

Integer underflow in net/base/escape.cc in chrome.dll in Google Chrome 0.2.149.27 allows remote attackers to cause a denial of service (browser crash) via a URI with an invalid handler followed by a "%" (percent) character, which triggers a buffer over-read, as demonstrated using an "about:%" URI.

4.3
2009-08-19 CVE-2008-6988 Ezphotogallery Cross-Site Scripting vulnerability in Ezphotogallery 2.1

Multiple cross-site scripting (XSS) vulnerabilities in Easy Photo Gallery (aka Ezphotogallery) 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) galleryid parameter to gallery.php, and the (2) size or (3) imageid parameters to show.php.

4.3
2009-08-19 CVE-2008-6982 Devalcms Cross-Site Scripting vulnerability in Devalcms 1.4A

Cross-site scripting (XSS) vulnerability in index.php in devalcms 1.4a allows remote attackers to inject arbitrary web script or HTML via the currentpath parameter.

4.3
2009-08-19 CVE-2008-6979 Phpadultsite Cross-Site Scripting vulnerability in PHPadultsite CMS 2.3.2

Cross-site scripting (XSS) vulnerability in as_archives.php in phpAdultSite CMS, possibly 2.3.2, allows remote attackers to inject arbitrary web script or HTML via the results_per_page parameter to index.php.

4.3
2009-08-19 CVE-2008-6977 Fullrevolution Cross-Site Scripting vulnerability in Fullrevolution Aspwebalbum 3.2

Cross-site scripting (XSS) vulnerability in album.asp in Full Revolution aspWebAlbum 3.2 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a summary action.

4.3
2009-08-18 CVE-2009-1877 Adobe Cross-Site Scripting vulnerability in Adobe Coldfusion

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1875.

4.3
2009-08-18 CVE-2009-1875 Adobe Cross-Site Scripting vulnerability in Adobe Coldfusion

Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion 8.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1877.

4.3
2009-08-18 CVE-2009-1874 Adobe Cross-Site Scripting vulnerability in Adobe Jrun 4.0

Multiple cross-site scripting (XSS) vulnerabilities in the Management Console in Adobe JRun 4.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-08-18 CVE-2009-1872 Adobe Cross-Site Scripting vulnerability in Adobe Coldfusion

Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm.

4.3
2009-08-18 CVE-2009-2851 Wordpress Cross-Site Scripting vulnerability in Wordpress

Cross-site scripting (XSS) vulnerability in the administrator interface in WordPress before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via a comment author URL.

4.3
2009-08-17 CVE-2009-2785 Classifiedphpscript Cross-Site Scripting vulnerability in Classifiedphpscript PHP Open Classifieds Script

Multiple cross-site scripting (XSS) vulnerabilities in PHP Open Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to buy.php and the id parameter to (2) contact.php and (3) tellafriend.php.

4.3
2009-08-17 CVE-2009-2783 Xoops Cross-Site Scripting vulnerability in Xoops 2.3.3

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) op parameter to modules/pm/viewpmsg.php and (2) query string to modules/profile/user.php.

4.3
2009-08-17 CVE-2009-2780 68 Classifieds Cross-Site Scripting vulnerability in 68 Classifieds 68 Classifieds 4.1

Multiple cross-site scripting (XSS) vulnerabilities in 68 Classifieds 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to category.php, view parameter to (2) login.php and (3) viewlisting.php, page parameter to (4) searchresults.php and (5) toplistings.php, and (6) member parameter to viewmember.php.

4.3
2009-08-19 CVE-2008-7011 Digital Extreme
Epic Games
Groove Games
Human Head Studios
RED Mercury
Whiptail Interactive
Resource Management Errors vulnerability in multiple products

The Unreal engine, as used in Unreal Tournament 3 1.3, Unreal Tournament 2003 and 2004, Dead Man's Hand, Pariah, WarPath, Postal2, and Shadow Ops, allows remote authenticated users to cause a denial of service (server exit) via multiple file downloads from the server, which triggers an assertion failure when the Closing flag in UnChan.cpp is set.

4.0
2009-08-18 CVE-2009-1873 Adobe Path Traversal vulnerability in Adobe Jrun 4.0

Directory traversal vulnerability in logging/logviewer.jsp in the Management Console in Adobe JRun Application Server 4 Updater 7 allows remote authenticated users to read arbitrary files via a ..

4.0

8 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-08-21 CVE-2009-2919 Boonex Cross-Site Scripting vulnerability in Boonex Orca 2.0/2.0.2

Cross-site scripting (XSS) vulnerability in Boonex Orca 2.0 and 2.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the topic title field.

3.5
2009-08-18 CVE-2009-2856 SUN Information Exposure vulnerability in SUN Virtual Desktop Infrastructure 3.0

Sun Virtual Desktop Infrastructure (VDI) 3.0, when anonymous binding is enabled, does not properly handle a client's attempt to establish an authenticated and encrypted connection, which might allow remote attackers to read cleartext VDI configuration-data requests by sniffing LDAP sessions on the network.

3.5
2009-08-21 CVE-2009-2056 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco IOS XR

Cisco IOS XR 3.8.1 and earlier allows remote authenticated users to cause a denial of service (process crash) via vectors involving a BGP UPDATE message with many AS numbers prepended to the AS path.

3.3
2009-08-21 CVE-2009-1154 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco IOS XR

Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a denial of service (process crash) via a long BGP UPDATE message, as demonstrated by a message with many AS numbers in the AS Path Attribute.

3.3
2009-08-21 CVE-2009-1879 Adobe Cross-Site Scripting vulnerability in Adobe Flex SDK 1.5/3.3

Cross-site scripting (XSS) vulnerability in index.template.html in the express-install templates in the SDK in Adobe Flex before 3.4, when the installed Flash version is older than a specified requiredMajorVersion value, allows remote attackers to inject arbitrary web script or HTML via the query string.

2.6
2009-08-21 CVE-2008-7020 Mcafee Cryptographic Issues vulnerability in Mcafee Safeboot Device Encryption 4

McAfee SafeBoot Device Encryption 4 build 4750 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.

2.1
2009-08-21 CVE-2009-2918 Thegreenbow Improper Input Validation vulnerability in Thegreenbow VPN Client 4.61.003

The tgbvpn.sys driver in TheGreenBow IPSec VPN Client 4.61.003 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted request to the 0x80000034 IOCTL, probably involving an input or output buffer size of 0.

2.1
2009-08-19 CVE-2009-0682 CA Improper Input Validation vulnerability in CA Internet Security Suite 10.0.0.217/9.0.0.184

vetmonnt.sys in CA Internet Security Suite r3, vetmonnt.sys before 9.0.0.184 in Internet Security Suite r4, and vetmonnt.sys before 10.0.0.217 in Internet Security Suite r5 do not properly verify IOCTL calls, which allows local users to cause a denial of service (system crash) via a crafted call.

2.1