Weekly Vulnerabilities Reports > August 24 to 30, 2009

Overview

133 new vulnerabilities reported during this period, including 14 critical vulnerabilities and 51 high severity vulnerabilities. This weekly summary report vulnerabilities in 108 products from 92 vendors including Cisco, Google, Ajsquare, Kyoceramita, and Linux. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Improper Input Validation", and "Improper Authentication".

  • 124 reported vulnerabilities are remotely exploitables.
  • 59 reported vulnerabilities have public exploit available.
  • 51 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 127 reported vulnerabilities are exploitable by an anonymous user.
  • Cisco has the most reported vulnerabilities, with 8 reported vulnerabilities.
  • Kyoceramita has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

14 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-08-28 CVE-2008-7115 Belkin Permissions, Privileges, and Access Controls vulnerability in Belkin F5D7632-4 and Wireless G Router

The web interface to the Belkin Wireless G router and ADSL2 modem F5D7632-4V6 with firmware 6.01.08 allows remote attackers to bypass authentication and gain administrator privileges via a direct request to (1) statusprocess.exe, (2) system_all.exe, or (3) restore.exe in cgi-bin/.

10.0
2009-08-28 CVE-2008-7109 Kyoceramita Improper Authentication vulnerability in Kyoceramita Scanner File Utility 3.3.0.1

The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to bypass authorization and upload arbitrary files to the client system via a modified program that does not prompt the user for a password.

10.0
2009-08-27 CVE-2009-2935 Google Permissions, Privileges, and Access Controls vulnerability in Google Chrome

Google V8, as used in Google Chrome before 2.0.172.43, allows remote attackers to bypass intended restrictions on reading memory, and possibly obtain sensitive information or execute arbitrary code in the Chrome sandbox, via crafted JavaScript.

10.0
2009-08-25 CVE-2008-7081 Raidsonic Improper Authentication vulnerability in Raidsonic ICY BOX NAS 2.3.2.Ib.2.Rs.1

userHandler.cgi in RaidSonic ICY BOX NAS firmware 2.3.2.IB.2.RS.1 allows remote attackers to bypass authentication and gain administrator privileges by setting the login parameter to admin.

10.0
2009-08-24 CVE-2008-7031 Foxitsoftware Buffer Errors vulnerability in Foxitsoftware WAC Server 2.0

Heap-based buffer overflow in Foxit Remote Access Server (aka WAC Server) 2.0 Build 3503 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SSH packets, a different vulnerability than CVE-2008-0151.

10.0
2009-08-28 CVE-2008-7111 Kyoceramita Permissions, Privileges, and Access Controls vulnerability in Kyoceramita Scanner File Utility 3.3.0.1

The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 does not restrict the filenames or extensions of uploaded files, which makes it easier for remote attackers to execute arbitrary code or overwrite files by leveraging CVE-2008-7110 and CVE-2008-7109.

9.3
2009-08-27 CVE-2008-7103 Najdi SI Buffer Errors vulnerability in Najdi.Si Toolbar 2.0.4.1

Stack-based buffer overflow in an ActiveX control in najdisitoolbar.dll in Najdi.si Toolbar 2.0.4.1 allows remote attackers to cause a denial of service (browser crash) or execute arbitrary code via a long Document.Location property value.

9.3
2009-08-25 CVE-2009-2963 Decomputeur Unspecified vulnerability in Decomputeur Toolbar Uninstaller 1.0.2

Unspecified vulnerability in the update feature in Toolbar Uninstaller 1.0.2 allows remote attackers to force the download and execution of arbitrary files via attack vectors related to a "malformed update url and a malformed update website."

9.3
2009-08-25 CVE-2009-2961 Kolmck Buffer Errors vulnerability in Kolmck KOL Player 1.0

Stack-based buffer overflow in Thaddy de Konng KOL Player 1.0 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a .MP3 playlist file.

9.3
2009-08-25 CVE-2008-7079 Nero Buffer Errors vulnerability in Nero Showtime 5.0.15.0

Buffer overflow in Nero ShowTime 5.0.15.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long entry in a .M3U playlist file.

9.3
2009-08-25 CVE-2008-7074 Memcode USE of Externally-Controlled Format String vulnerability in Memcode I.Scribe

Format string vulnerability in MemeCode Software i.Scribe 1.88 through 2.00 before Beta9 allows remote SMTP servers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a server response, which is not properly handled "when displaying the signon message."

9.3
2009-08-25 CVE-2008-7070 Kvirc Code Injection vulnerability in Kvirc 3.4.2

Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shiny allows remote attackers to execute arbitrary commands via a " (quote) followed by command line switches in a (1) irc:///, (2) irc6:///, (3) ircs:///, or (4) and ircs6:/// URI.

9.3
2009-08-24 CVE-2008-7053 Logmein Resource Management Errors vulnerability in Logmein Ractrl.Dll

LogMeIn Remote Access Utility ActiveX control (RACtrl.dll) allows remote attackers to cause a denial of service (crash) by setting the fgcolor and bgcolor properties to certain long values that trigger memory corruption.

9.3
2009-08-25 CVE-2008-7078 Maxum Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Maxum Rumpus

Multiple buffer overflows in Rumpus before 6.0.1 allow remote attackers to (1) cause a denial of service (segmentation fault) via a long HTTP verb in the HTTP component; and allow remote authenticated users to execute arbitrary code via a long argument to the (2) MKD, (3) XMKD, (4) RMD, and other unspecified commands in the FTP component.

9.0

51 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-08-28 CVE-2008-7110 Kyoceramita Path Traversal vulnerability in Kyoceramita Scanner File Utility 3.3.0.1

Directory traversal vulnerability in the Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to upload files to arbitrary locations via a ..

7.8
2009-08-27 CVE-2008-7095 Arubanetworks Permissions, Privileges, and Access Controls vulnerability in Arubanetworks Aruba Mobility Controller and Arubaos

The SNMP daemon in ArubaOS 3.3.2.6 in Aruba Mobility Controller does not restrict SNMP access, which allows remote attackers to (1) read all SNMP community strings via SNMP-COMMUNITY-MIB::snmpCommunityName (1.3.6.1.6.3.18.1.1.1.2) or SNMP-VIEW-BASED-ACM-MIB::vacmGroupName (1.3.6.1.6.3.16.1.2.1.3) with knowledge of one community string, and (2) read SNMPv3 user names via SNMP-USER-BASED-SM-MIB or SNMP-VIEW-BASED-ACM-MIB.

7.8
2009-08-27 CVE-2009-2976 Cisco Cryptographic Issues vulnerability in Cisco Aironet Ap1100 and Aironet Ap1200

Cisco Aironet Lightweight Access Point (AP) devices send the contents of certain multicast data frames in cleartext, which allows remote attackers to discover Wireless LAN Controller MAC addresses and IP addresses, and AP configuration details, by sniffing the wireless network.

7.8
2009-08-27 CVE-2009-2972 SUN Resource Management Errors vulnerability in SUN Solaris 8/9

in.lpd in the print service in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors that trigger a "fork()/exec() bomb."

7.8
2009-08-27 CVE-2009-2054 Cisco Denial of Service vulnerability in Cisco Unified Communications Manager

Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2a)su1, and 7.1 before 7.1(2a)su1 allows remote attackers to cause a denial of service (file-descriptor exhaustion and SIP outage) via a flood of TCP packets, aka Bug ID CSCsx23689.

7.8
2009-08-27 CVE-2009-2053 Cisco Denial of Service vulnerability in Cisco Unified Communications Manager

Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2a)su1, and 7.1 before 7.1(2) allows remote attackers to cause a denial of service (file-descriptor exhaustion and SCCP outage) via a flood of TCP packets, aka Bug ID CSCsx32236.

7.8
2009-08-27 CVE-2009-2052 Cisco Denial of Service vulnerability in Cisco Unified Communications Manager

Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2), and 7.1 before 7.1(2); and Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4); allows remote attackers to cause a denial of service (TCP services outage) via a large number of TCP connections, related to "tracking of network connections," aka Bug IDs CSCsq22534 and CSCsw52371.

7.8
2009-08-27 CVE-2009-2051 Cisco Denial of Service vulnerability in Cisco Unified Communications Manager

Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), and 7.x before 7.1(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a malformed SIP INVITE message that triggers an improper call to the sipSafeStrlen function, aka Bug IDs CSCsz40392 and CSCsz43987.

7.8
2009-08-27 CVE-2009-2050 Cisco Denial of Service vulnerability in Cisco Unified Communications Manager

Cisco Unified Communications Manager (aka CUCM, formerly CallManager) before 6.1(1) allows remote attackers to cause a denial of service (voice-services outage) via a malformed header in a SIP message, aka Bug ID CSCsi46466.

7.8
2009-08-26 CVE-2008-7090 Pligg Path Traversal vulnerability in Pligg CMS

Multiple directory traversal vulnerabilities in Pligg 9.9 and earlier allow remote attackers to (1) determine the existence of arbitrary files via a ..

7.8
2009-08-25 CVE-2008-7065 Siemens Gigaset VoIP Phones SIP Remote Denial of Service vulnerability in Siemens

Siemens C450 IP and C475 IP VoIP devices allow remote attackers to cause a denial of service (disconnected calls and device reboot) via a crafted SIP packet to UDP port 5060.

7.8
2009-08-28 CVE-2008-7120 Mrcgiguy SQL Injection vulnerability in Mrcgiguy HOT Links Sql-PHP

SQL injection vulnerability in Mr.

7.5
2009-08-28 CVE-2008-7119 Webidsupport SQL Injection vulnerability in Webidsupport Webid 0.5.4

SQL injection vulnerability in item.php in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2009-08-28 CVE-2008-7116 Webidsupport SQL Injection vulnerability in Webidsupport Webid 0.5.4

SQL injection vulnerability in the admin panel (admin/) in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the username.

7.5
2009-08-27 CVE-2008-7102 Dotnetnuke Improper Input Validation vulnerability in Dotnetnuke

DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx files instead of skin files, and possibly access privileged functionality, via unknown vectors related to parameter validation.

7.5
2009-08-27 CVE-2008-7097 Qsoft INC SQL Injection vulnerability in Qsoft-Inc K-Rate

Multiple SQL injection vulnerabilities in Qsoft K-Rate Premium allow remote attackers to execute arbitrary SQL commands via (1) the $id variable in admin/includes/dele_cpac.php, (2) $ord[order_id] variable in payments/payment_received.php, (3) $id variable in includes/functions.php, and (4) unspecified variables in modules/chat.php, as demonstrated via the (a) show parameter in an online action to index.php; (b) PATH_INTO to the room/ handler; (c) image and (d) id parameters in a vote action to index.php; (e) PATH_INFO to the blog/ handler; and (f) id parameter in a blog_edit action to index.php.

7.5
2009-08-27 CVE-2009-2978 Sugarcrm SQL Injection vulnerability in Sugarcrm

SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and earlier, and 5.2.0g and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2009-08-26 CVE-2008-7091 Pligg SQL Injection vulnerability in Pligg CMS

Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to vote.php, which is not properly handled in libs/link.php; (2) id parameter to trackback.php; (3) an unspecified parameter to submit.php; (4) requestTitle variable in a query to story.php; (5) requestID and (6) requestTitle variables in recommend.php; (7) categoryID parameter to cloud.php; (8) title parameter to out.php; (9) username parameter to login.php; (10) id parameter to cvote.php; and (11) commentid parameter to edit.php.

7.5
2009-08-26 CVE-2008-7087 Openpro Code Injection vulnerability in Openpro 1.3.1

PHP remote file inclusion vulnerability in search_wA.php in OpenPro 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the LIBPATH parameter.

7.5
2009-08-26 CVE-2008-7086 Maianscriptworld Improper Authentication vulnerability in Maianscriptworld Maian Greetings 2.1

Maian Greetings 2.1 allows remote attackers to bypass authentication and gain administrative privileges by setting the mecard_admin_cookie cookie to admin.

7.5
2009-08-26 CVE-2008-7085 Thehockeystop SQL Injection vulnerability in Thehockeystop Hockeystats Online 2.0

Multiple SQL injection vulnerabilities in TheHockeyStop HockeySTATS Online 2.0 Basic and Advanced allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in the viewpage action to the default URI, probably index.php, or (2) divid parameter in the schedule action to index.php.

7.5
2009-08-25 CVE-2009-2960 Cuteflow Permissions, Privileges, and Access Controls vulnerability in Cuteflow 2.10.3/2.11.0C

CuteFlow 2.10.3 and 2.11.0_c does not properly restrict access to pages/edituser.php, which allows remote attackers to modify usernames and passwords via a direct request.

7.5
2009-08-25 CVE-2008-7083 Revou SQL Injection vulnerability in Revou Micro Blogging Twitter Clone

Multiple SQL injection vulnerabilities in ReVou Micro Blogging Twitter clone allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.

7.5
2009-08-25 CVE-2008-7077 Relative SQL Injection vulnerability in Relative Sailplanner 0.3A

Multiple SQL injection vulnerabilities in SailPlanner 0.3a allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.

7.5
2009-08-25 CVE-2008-7075 Kalptaru Infotech SQL Injection vulnerability in Kalptaru Infotech Stararticles 6.0

Multiple SQL injection vulnerabilities in Kalptaru Infotech Ltd.

7.5
2009-08-25 CVE-2008-7071 Chipmunk Scripts SQL Injection vulnerability in Chipmunk-Scripts Chipmunk Topsites

SQL injection vulnerability in authenticate.php in Chipmunk Topsites allows remote attackers to execute arbitrary SQL commands via the username parameter, related to login.php.

7.5
2009-08-25 CVE-2008-7069 Paul Arbogast Information Exposure vulnerability in Paul Arbogast Accms

All Club CMS (ACCMS) 0.0.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database configuration information, including credentials, via a direct request to accms.dat.

7.5
2009-08-25 CVE-2008-7067 Pagetreecms Code Injection vulnerability in Pagetreecms Page Tree CMS 0.0.2Beta

PHP remote file inclusion vulnerability in admin/plugins/Online_Users/main.php in PageTree CMS 0.0.2 BETA 0001 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[PT_Config][dir][data] parameter.

7.5
2009-08-25 CVE-2008-7066 2Enetworx Permissions, Privileges, and Access Controls vulnerability in 2Enetworx Openforum 0.66

OpenForum 0.66 Beta allows remote attackers to bypass authentication and reset passwords of other users via a direct request with the update parameter set to 1 and modified user and password parameters.

7.5
2009-08-25 CVE-2008-7064 Quicksilver Forums Path Traversal vulnerability in Quicksilver Forums Quicksilver Forums 1.4.2

Directory traversal vulnerability in the get_lang function in global.php in Quicksilver Forums 1.4.2 and earlier, as used in QSF Portal before 1.4.5, when running on Windows, allows remote attackers to include and execute arbitrary local files via a "\" (backslash) in the lang parameter to index.php, which bypasses a protection mechanism that only checks for "/" (forward slash), as demonstrated by uploading and including PHP code in an avatar file.

7.5
2009-08-24 CVE-2008-7059 Aled Owen SQL Injection vulnerability in Aled Owen One-News

SQL injection vulnerability in index.php in One-News Beta 2 allows remote attackers to execute arbitrary SQL commands via the q parameter.

7.5
2009-08-24 CVE-2009-2951 Phenotype CMS Cryptographic Issues vulnerability in Phenotype-Cms Phenotype CMS

Phenotype CMS before 2.9 does not use a random salt value for password encryption, which makes it easier for context-dependent attackers to determine cleartext passwords.

7.5
2009-08-24 CVE-2008-7051 Ajsquare Improper Authentication vulnerability in Ajsquare AJ Article

AJ Square AJ Article allows remote attackers to bypass authentication and access administrator functionality via a direct request to (1) user.php, (2) articles.php, (3) articlesuspend.php, (4) site.php, (5) statistics.php, (6) mail.php, (7) category.php, (8) subcategory.php, (9) changepassword.php, (10) polling.php, and (11) logo.php in admin/.

7.5
2009-08-24 CVE-2008-7050 Wowraidmanager Credentials Management vulnerability in Wowraidmanager

The password_check function in auth/auth_phpbb3.php in WoW Raid Manager 3.5.1 before Patch 1, when using PHPBB3 authentication, (1) does not invoke the CheckPassword function with the required arguments, which always triggers an authentication failure, and (2) returns true instead of false when an authentication failure occurs, which allows remote attackers to bypass authentication and gain privileges with an arbitrary password.

7.5
2009-08-24 CVE-2008-7049 Natterchat SQL Injection vulnerability in Natterchat 1.1/1.12

Multiple SQL injection vulnerabilities in login.asp in NatterChat 1.1 and 1.12 allow remote attackers to execute arbitrary SQL commands via the (1) txtUsername parameter (aka Username) and (2) txtPassword parameter (aka Password) in a form generated by home.asp.

7.5
2009-08-24 CVE-2008-7047 Natterchat Improper Authentication vulnerability in Natterchat 1.1

NatterChat 1.1 allows remote attackers to bypass authentication and gain administrator privileges to read or delete rooms and messages via a direct request to admin/home.asp.

7.5
2009-08-24 CVE-2008-7044 Ajsquare SQL Injection vulnerability in Ajsquare Free Polling Script

SQL injection vulnerability in admin/include/newpoll.php in AJ Square Free Polling Script (AJPoll) Database version allows remote attackers to execute arbitrary SQL commands via the ques parameter.

7.5
2009-08-24 CVE-2008-7042 Freshscripts Code Injection vulnerability in Freshscripts Fresh Email Script 1.0/1.11

PHP remote file inclusion vulnerability in url.php in FreshScripts Fresh Email Script 1.0 through 1.11 allows remote attackers to execute arbitrary PHP code via a URL in the tmp_sid parameter.

7.5
2009-08-24 CVE-2008-7041 Ajsquare Improper Authentication vulnerability in Ajsquare AJ Classifieds

AJ Classifieds allows remote attackers to bypass authentication and gain administrator privileges via a direct request to admin/home.php.

7.5
2009-08-24 CVE-2008-7040 Wordpress
Yellowswordfish
SQL Injection vulnerability in Yellowswordfish Simple Forum

SQL injection vulnerability in ahah/sf-profile.php in the Yellow Swordfish Simple Forum module for Wordpress allows remote attackers to execute arbitrary SQL commands via the u parameter.

7.5
2009-08-24 CVE-2008-7038 Phpnuke
Maxdev
SQL Injection vulnerability in Maxdev MY Egallery

SQL injection vulnerability in the My_eGallery module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the gid parameter in a showgall action to modules.php.

7.5
2009-08-24 CVE-2008-7037 ITN
Microsoft
Improper Input Validation vulnerability in ITN News Gadget 1.06

The Sidebar gadget in ITN News Gadget (aka ITN Hub Gadget) 1.06 for Windows Vista, and possibly other versions before 1.23, allows remote web servers or man-in-the-middle attackers to execute arbitrary commands via script in a short_title response.

7.5
2009-08-24 CVE-2008-7034 Tigran Abrahamyan Code Injection vulnerability in Tigran Abrahamyan PHPecho CMS 2.0

PHP remote file inclusion vulnerability in kernel/smarty/Smarty.class.php in PHPEcho CMS 2.0 rc3 allows remote attackers to execute arbitrary PHP code via a URL in unspecified vectors that modify the _smarty_compile_path variable in the fetch function.

7.5
2009-08-24 CVE-2008-7033 Galore
Joomla
SQL Injection vulnerability in Galore COM Simpleshop

SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the section parameter in a section action to index.php, a different vulnerability than CVE-2008-2568.

7.5
2009-08-24 CVE-2008-7030 Site2Nite SQL Injection vulnerability in Site2Nite Real Estate web

Multiple SQL injection vulnerabilities in Site2Nite Real Estate Web allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field to an unspecified component, possibly agentlist.asp.

7.5
2009-08-24 CVE-2003-1574 Tiki Improper Authentication vulnerability in Tiki Tikiwiki Cms/Groupware 1.6.1

TikiWiki 1.6.1 allows remote attackers to bypass authentication by entering a valid username with an arbitrary password, possibly related to the Internet Explorer "Remember Me" feature.

7.5
2009-08-27 CVE-2009-2861 Cisco Denial-Of-Service vulnerability in Cisco Aironet Ap1100 and Aironet Ap1200

The Over-the-Air Provisioning (OTAP) functionality on Cisco Aironet Lightweight Access Point 1100 and 1200 devices does not properly implement access-point association, which allows remote attackers to spoof a controller and cause a denial of service (service outage) via crafted remote radio management (RRM) packets, aka "SkyJack" or Bug ID CSCtb56664.

7.3
2009-08-28 CVE-2009-2695 Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel

The Linux kernel before 2.6.31-rc7 does not properly prevent mmap operations that target page zero and other low memory addresses, which allows local users to gain privileges by exploiting NULL pointer dereference vulnerabilities, related to (1) the default configuration of the allow_unconfined_mmap_low boolean in SELinux on Red Hat Enterprise Linux (RHEL) 5, (2) an error that causes allow_unconfined_mmap_low to be ignored in the unconfined_t domain, (3) lack of a requirement for the CAP_SYS_RAWIO capability for these mmap operations, and (4) interaction between the mmap_min_addr protection mechanism and certain application programs.

7.2
2009-08-28 CVE-2008-7107 Eset Improper Input Validation vulnerability in Eset Smart Security 3.0.667.0

easdrv.sys in ESET Smart Security 3.0.667.0 allows local users to cause a denial of service (crash) via a crafted IOCTL 0x222003 request to the \\.\easdrv device interface.

7.2
2009-08-27 CVE-2009-2698 Linux
Canonical
Suse
Null Pointer Dereference vulnerability in Linux Kernel

The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.

7.2
2009-08-28 CVE-2009-3000 SUN Resource Management Errors vulnerability in SUN Opensolaris and Solaris

The sockfs module in the kernel in Sun Solaris 10 and OpenSolaris snv_41 through snv_122, when Network Cache Accelerator (NCA) logging is enabled, allows remote attackers to cause a denial of service (panic) via unspecified web-server traffic that triggers a NULL pointer dereference in the nl7c_http_log function, related to "improper http response handling."

7.1

67 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-08-27 CVE-2008-7096 Intel Permissions, Privileges, and Access Controls vulnerability in Intel Bios

Intel Desktop and Intel Mobile Boards with BIOS firmware DQ35JO, DQ35MP, DP35DP, DG33FB, DG33BU, DG33TL, MGM965TW, D945GCPE, and DX38BT allows local administrators with ring 0 privileges to gain additional privileges and modify code that is running in System Management Mode, or access hypervisory memory as demonstrated at Black Hat 2008 by accessing certain remapping registers in Xen 3.3.

6.9
2009-08-28 CVE-2008-7114 Ifusionservices SQL Injection vulnerability in Ifusionservices Ifdate

SQL injection vulnerability in members_search.php in iFusion Services iFdate 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the name field.

6.8
2009-08-27 CVE-2008-7099 Qsoft INC Remote Security vulnerability in K-Rate

Unspecified vulnerability in the Manage Templates feature in Qsoft K-Rate Premium allows remote attackers to execute arbitrary PHP code via unknown vectors.

6.8
2009-08-26 CVE-2008-7093 Unica Path Traversal vulnerability in Unica Affinium Campaign 7.2.1.0.55

Multiple directory traversal vulnerabilities in Unica Affinium Campaign 7.2.1.0.55 allow remote attackers to (1) create arbitrary directories or files via a ..

6.8
2009-08-25 CVE-2009-2964 Squirrelmail Cross-Site Request Forgery (CSRF) vulnerability in Squirrelmail

Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3) src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6) src/folders_create.php, (7) src/folders_delete.php, (8) src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10) src/folders_subscribe.php, (11) src/move_messages.php, (12) src/options.php, (13) src/options_highlight.php, (14) src/options_identities.php, (15) src/options_order.php, (16) src/search.php, and (17) src/vcard.php.

6.8
2009-08-25 CVE-2008-7082 Mybboard Cross-Site Request Forgery (CSRF) vulnerability in Mybboard Mybb 1.4.3

MyBB (aka MyBulletinBoard) 1.4.3 includes the sensitive my_post_key parameter in URLs to moderation.php with the (1) mergeposts, (2) split, and (3) deleteposts actions, which allows remote attackers to steal the token and bypass the cross-site request forgery (CSRF) protection mechanism to hijack the authentication of moderators by reading the token from the HTTP Referer header.

6.8
2009-08-25 CVE-2008-7073 Rssmodule
Ekkaia
Code Injection vulnerability in multiple products

PHP remote file inclusion vulnerability in lib/action/rss.php in RSS module 0.1 for Pie Web M{a,e}sher, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the lib parameter.

6.8
2009-08-25 CVE-2008-7062 Lovecms Permissions, Privileges, and Access Controls vulnerability in Lovecms 1.6.2

Unrestricted file upload vulnerability in admin/index.php in Download Manager module 1.0 for LoveCMS 1.6.2 Final allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/.

6.8
2009-08-24 CVE-2008-7058 Grayscalecms Cross-Site Request Forgery (CSRF) vulnerability in Grayscalecms Bandsite CMS 1.1.4

Cross-site request forgery (CSRF) vulnerability in BandSite CMS 1.1.4 allows remote attackers to hijack the authentication of administrators and force a logout via adminpanel/logout.php.

6.8
2009-08-24 CVE-2008-7032 F5 Cross-Site Request Forgery (CSRF) vulnerability in F5 Big-Ip 9.4.3

Web Management Console Cross-site request forgery (CSRF) vulnerability in the web management console in F5 BIG-IP 9.4.3 allows remote attackers to hijack the authentication of administrators for requests that create new administrators and execute shell commands, as demonstrated using tmui/Control/form.

6.8
2009-08-27 CVE-2008-7100 Dotnetnuke Security Bypass and Information Disclosure vulnerability in DotNetNuke

Unspecified vulnerability in DotNetNuke 4.4.1 through 4.8.4 allows remote authenticated users to bypass authentication and gain privileges via unknown vectors related to a "unique id" for user actions and improper validation of a "user identity."

6.5
2009-08-26 CVE-2008-7088 Photopost Improper Input Validation vulnerability in Photopost Vbgallery 2.4.2

Unrestricted file upload vulnerability in upload.php in PhotoPost vBGallery 2.4.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in a certain path.

6.5
2009-08-25 CVE-2008-7076 Kalptaru Infotech Permissions, Privileges, and Access Controls vulnerability in Kalptaru Infotech Stararticles 6.0

Unrestricted file upload vulnerability in user.modify.profile.php in Kalptaru Infotech Ltd.

6.5
2009-08-24 CVE-2008-7052 Preprojects Improper Input Validation vulnerability in Preprojects PRE Real Estate Listings

Unrestricted file upload vulnerability in profile.php in Pre Projects Pre Real Estate Listings allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in re_images/.

6.5
2009-08-28 CVE-2008-7113 Kyoceramita Cryptographic Issues vulnerability in Kyoceramita Scanner File Utility 3.3.0.1

The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 uses a small space of predictable user identification numbers for access control, which allows remote attackers to upload documents via a brute force attack.

6.4
2009-08-27 CVE-2009-2973 Google Cryptographic Issues vulnerability in Google Chrome

Google Chrome before 2.0.172.43 does not prevent SSL connections to a site with an X.509 certificate signed with the (1) MD2 or (2) MD4 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary HTTPS servers via a crafted certificate, a related issue to CVE-2009-2409.

6.4
2009-08-25 CVE-2008-7068 PHP Improper Input Validation vulnerability in PHP

The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key with the NULL byte.

6.4
2009-08-24 CVE-2008-7046 Ajsquare Improper Authentication vulnerability in Ajsquare Free Polling Script

AJ Square Free Polling Script (AJPoll) allows remote attackers to bypass authentication and create new polls via a direct request to admin/include/newpoll.php, a different vector than CVE-2008-7045.

6.4
2009-08-24 CVE-2008-7045 Ajsquare Improper Authentication vulnerability in Ajsquare Free Polling Script

AJ Square Free Polling Script (AJPoll) Database version allows remote attackers to bypass authentication and reset poll votes via a direct request to admin/resetvote.php.

6.4
2009-08-24 CVE-2008-7029 Alilg Improper Input Validation vulnerability in Alilg Aliboard Beta

Unrestricted file upload vulnerability in usercp.php in AlilG Application AliBoard Beta allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as an avatar, then accessing it via a direct request to the file in uploads/avatars/.

6.0
2009-08-24 CVE-2008-7055 Visualshapers Path Traversal vulnerability in Visualshapers Ezcontents 2.0.3

module.php in ezContents 2.0.3 allows remote attackers to bypass the directory traversal protection mechanism to include and execute arbitrary local files via "....//" (doubled dot dot slash) sequences in the link parameter, which is not properly filtered using the str_replace function.

5.1
2009-08-24 CVE-2008-7054 Visualshapers Path Traversal vulnerability in Visualshapers Ezcontents 2.0.3

Multiple directory traversal vulnerabilities in ezContents 2.0.3 allow remote attackers to include and execute arbitrary local files via the (1) gsLanguage and (2) language_home parameters to modules/diary/showdiary.php; (3) admin_home, (4) gsLanguage, and (5) language_home parameters to modules/diary/showdiarydetail.php; (6) gsLanguage and (7) language_home parameters to modules/diary/submit_diary.php; (8) admin_home parameter to modules/news/news_summary.php; (9) nLink, (10) gsLanguage, and (11) language_home parameters to modules/news/inlinenews.php; and possibly other unspecified vectors in (12) diary/showeventlist.php, (13) gallery/showgallery.php, (14) reviews/showreviews.php, (15) gallery/showgallerydetails.php, (16) reviews/showreviewsdetails.php, (17) news/shownewsdetails.php, (18) gallery/submit_gallery.php, (19) guestbook/submit_guestbook.php, (20) reviews/submit_reviews.php, (21) news/submit_news.php, (22) diary/inlineeventlist.php, and (23) news/archivednews_summary.php in modules/, related to the lack of directory traversal protection in modules/moduleSec.php.

5.1
2009-08-28 CVE-2008-7118 Webidsupport Permissions, Privileges, and Access Controls vulnerability in Webidsupport Webid 0.5.4

WeBid auction script 0.5.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain SQL query logs via a direct request for logs/cron.log.

5.0
2009-08-28 CVE-2008-7117 Webidsupport Permissions, Privileges, and Access Controls vulnerability in Webidsupport Webid 0.5.4

eledicss.php in WeBid auction script 0.5.4 allows remote attackers to modify arbitrary cascading style sheets (CSS) files via a certain request with the file parameter set to style.css.

5.0
2009-08-28 CVE-2008-7112 Kyoceramita Improper Input Validation vulnerability in Kyoceramita Scanner File Utility 3.3.0.1

The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to cause a denial of service (hang or crash) via invalid field length values in a malformed (1) document or (2) request.

5.0
2009-08-27 CVE-2008-7106 Sophos Unspecified vulnerability in Sophos Puremessage for Microsoft Exchange 3.0

The installation of Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2, when both anti-virus and anti-spam are supported, does not create or launch the associated scan engines when the system is under heavy load, which has unspecified impact, probably remote bypass of scanner protection or a denial of service (message loss or delay).

5.0
2009-08-27 CVE-2008-7105 Sophos Denial Of Service vulnerability in Sophos Puremessage for Microsoft Exchange 3.0

Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2 allows remote attackers to cause a denial of service (EdgeTransport.exe termination) via a TNEF-encoded message with a crafted rich text body that is not properly handled during conversion to plain text.

5.0
2009-08-27 CVE-2008-7104 Sophos Denial Of Service vulnerability in Sophos Puremessage for Microsoft Exchange 3.0

Sophos PureMessage Scanner service (PMScanner.exe) in PureMessage for Microsoft Exchange 3.0 before 3.0.2 allows remote attackers to cause a denial of service (message queue delay and incomplete spam rule update) via a crafted (1) RTF or (2) PDF file.

5.0
2009-08-27 CVE-2008-7101 Dotnetnuke Security Bypass and Information Disclosure vulnerability in DotNetNuke

Unspecified vulnerability in DotNetNuke 4.0 through 4.8.4 and 5.0 allows remote attackers to obtain sensitive information (portal number) by accessing the install wizard page via unknown vectors.

5.0
2009-08-27 CVE-2009-2975 Microsoft
Mozilla
Denial-Of-Service vulnerability in Mozilla Firefox 3.5.2

Mozilla Firefox 3.5.2 on Windows XP, in some situations possibly involving an incompletely configured protocol handler, does not properly implement setting the document.location property to a value specifying a protocol associated with an external application, which allows remote attackers to cause a denial of service (memory consumption) via vectors involving a series of function calls that set this property, as demonstrated by (1) the chromehtml: protocol and (2) the aim: protocol.

5.0
2009-08-27 CVE-2009-2974 Google Denial-Of-Service vulnerability in Chrome

Google Chrome 1.0.154.65, 1.0.154.48, and earlier allows remote attackers to (1) cause a denial of service (application hang) via vectors involving a chromehtml: URI value for the document.location property or (2) cause a denial of service (application hang and CPU consumption) via vectors involving a series of function calls that set a chromehtml: URI value for the document.location property.

5.0
2009-08-26 CVE-2008-7094 Unica Resource Management Errors vulnerability in Unica Affinium Campaign 7.2.1.0.55

Campaign/CampaignListener in the listener server in Unica Affinium Campaign 7.2.1.0.55 allows remote attackers to cause a denial of service (server crash) via a crafted length field that triggers (1) connection exhaustion or (2) memory allocation failure.

5.0
2009-08-26 CVE-2008-7084 Hirschelectronics Path Traversal vulnerability in Hirschelectronics Velocity Security Management System 1.0

Directory traversal vulnerability in the web server 1.0 in Velocity Security Management System allows remote attackers to read arbitrary files via a ..

5.0
2009-08-25 CVE-2008-7080 Phpclassifiedsscript Permissions, Privileges, and Access Controls vulnerability in PHPclassifiedsscript PHP Classifieds Script

Team PHP PHP Classifieds Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request for admin/backup/datadump.sql.

5.0
2009-08-25 CVE-2008-7063 Ocean12Tech Information Exposure vulnerability in Ocean12Tech FAQ Manager PRO

Ocean12 FAQ Manager Pro stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for admin/o12faq.mdb.

5.0
2009-08-24 CVE-2008-7056 Grayscalecms Permissions, Privileges, and Access Controls vulnerability in Grayscalecms Bandsite CMS 1.1.4

BandSite CMS 1.1.4 does not perform access control for adminpanel/phpmydump.php, which allows remote attackers to obtain copies of the database via a direct request.

5.0
2009-08-24 CVE-2009-2956 IBM Information Exposure vulnerability in IBM Websphere Commerce Suite

The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Commerce Suite store sensitive information under the web root with insufficient access control, which allows remote attackers to discover passwords, and database and filesystem details, via direct requests for configuration files.

5.0
2009-08-24 CVE-2009-2955 Google Improper Input Validation vulnerability in Google Chrome

Google Chrome 1.0.154.48 and earlier allows remote attackers to cause a denial of service (CPU consumption and application hang) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715.

5.0
2009-08-24 CVE-2009-2954 Microsoft Improper Input Validation vulnerability in Microsoft IE and Internet Explorer

Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU consumption and application hang) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715.

5.0
2009-08-24 CVE-2009-2953 Mozilla Resource Management Errors vulnerability in Mozilla Firefox

Mozilla Firefox 3.0.6 through 3.0.13, and 3.5.x, allows remote attackers to cause a denial of service (CPU consumption) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715.

5.0
2009-08-28 CVE-2009-3002 Linux
Canonical
Information Exposure vulnerability in Linux Kernel

The Linux kernel before 2.6.31-rc7 does not initialize certain data structures within getname functions, which allows local users to read the contents of some kernel memory locations by calling getsockname on (1) an AF_APPLETALK socket, related to the atalk_getname function in net/appletalk/ddp.c; (2) an AF_IRDA socket, related to the irda_getname function in net/irda/af_irda.c; (3) an AF_ECONET socket, related to the econet_getname function in net/econet/af_econet.c; (4) an AF_NETROM socket, related to the nr_getname function in net/netrom/af_netrom.c; (5) an AF_ROSE socket, related to the rose_getname function in net/rose/af_rose.c; or (6) a raw CAN socket, related to the raw_getname function in net/can/raw.c.

4.9
2009-08-28 CVE-2009-3001 Linux
Canonical
Information Exposure vulnerability in Linux Kernel

The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel 2.6.31-rc7 and earlier does not initialize a certain data structure, which allows local users to read the contents of some kernel memory locations by calling getsockname on an AF_LLC socket.

4.9
2009-08-24 CVE-2009-2952 SUN Local Denial Of Service vulnerability in SUN Opensolaris and Solaris

Unspecified vulnerability in the pollwakeup function in Sun Solaris 10, and OpenSolaris before snv_51, allows local users to cause a denial of service (panic) via unknown vectors.

4.9
2009-08-28 CVE-2009-3008 Christophe Thibault Unspecified vulnerability in Christophe Thibault K-Meleon 1.5.3

K-Meleon 1.5.3 allows context-dependent attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary file: URL after a victim has visited any file: URL, as demonstrated by a visit to a file: document written by the attacker.

4.3
2009-08-28 CVE-2009-3007 Flock
Mozilla
Remote Security vulnerability in SeaMonkey

Mozilla Firefox 3.5.1 and SeaMonkey 1.1.17, and Flock 2.5.1, allow context-dependent attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary file: URL after a victim has visited any file: URL, as demonstrated by a visit to a file: document written by the attacker.

4.3
2009-08-28 CVE-2009-3006 Maxthon Remote Security vulnerability in Maxthon Browser 2.5.3.80

Maxthon Browser 2.5.3.80 UNICODE allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page.

4.3
2009-08-28 CVE-2009-3005 Lunascape Remote Security vulnerability in Lunascape 5.1.3/5.1.4

Lunascape 5.1.3 and 5.1.4 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page.

4.3
2009-08-28 CVE-2009-3004 Avant Force Remote Security vulnerability in Avant Force Avant Browser 11.7

Avant Browser 11.7 Builds 35 and 36 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page.

4.3
2009-08-28 CVE-2009-3003 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 6/7/8

Microsoft Internet Explorer 6 through 8 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page.

4.3
2009-08-28 CVE-2008-7121 Mrcgiguy Cross-Site Scripting vulnerability in Mrcgiguy HOT Links Sql-PHP 3

Cross-site scripting (XSS) vulnerability in Mr.

4.3
2009-08-28 CVE-2008-7108 Phpcart Cross-Site Scripting vulnerability in PHPcart 3.4

Multiple cross-site scripting (XSS) vulnerabilities in Carmosa phpCart 3.4 through 4.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) quantity or (2) Add Engraving fields to the default URI; (3) Quantity field to phpcart.php; (4) Name, (5) Company, (6) Address, (7) City, and (8) Province/State fields in a checkout action to phpcart.php; and other unspecified vectors.

4.3
2009-08-27 CVE-2008-7098 Qsoft INC Cross-Site Scripting vulnerability in Qsoft-Inc K-Rate

Multiple cross-site scripting (XSS) vulnerabilities in Qsoft K-Rate Premium allow remote attackers to inject arbitrary web script or HTML via the blog, possibly the (1) Title and (2) Text fields; (3) the gallery, possibly the Description field in Your Pictures; (4) the forum, possibly the Your Message field when posting a new thread; or (5) the vote parameter in a view action to index.php.

4.3
2009-08-26 CVE-2009-2967 Buildbot Cross-Site Scripting vulnerability in Buildbot

Multiple cross-site scripting (XSS) vulnerabilities in Buildbot 0.7.6 through 0.7.11p2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, different vulnerabilities than CVE-2009-2959.

4.3
2009-08-26 CVE-2008-7092 Unica Cross-Site Scripting vulnerability in Unica Affinium Campaign 7.2.1.0.55

Multiple cross-site scripting (XSS) vulnerabilities in Unica Affinium Campaign 7.2.1.0.55 allow remote attackers to inject arbitrary web script or HTML via a Javascript event in the (1) url, (2) PageName, and (3) title parameters in a CustomBookMarkLink action to Campaign/Campaign; (4) a Javascript event in the displayIcon parameter to Campaign/updateOfferTemplateSubmit.do (aka the templates web page); (5) crafted input to Campaign/CampaignListener (aka the listener server), which is not properly handled when displaying the status log; and (6) id parameter to Campaign/campaignDetails.do, (7) id parameter to Campaign/offerDetails.do, (8) function parameter to Campaign/Campaign, (9) sessionID parameter to Campaign/runAllFlowchart.do, (10) id parameter in an edit action to Campaign/updateOfferTemplatePage.do, (11) Frame parameter in a LoadFrame action to Campaign/Campaign, (12) affiniumUserName parameter to manager/jsp/test.jsp, (13) affiniumUserName parameter to Campaign/main.do, and possibly other vectors.

4.3
2009-08-26 CVE-2008-7089 Pligg Cross-Site Scripting vulnerability in Pligg CMS

Cross-site scripting (XSS) vulnerability in Pligg 9.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a search action to user.php and other unspecified vectors.

4.3
2009-08-25 CVE-2009-2966 Kaspersky Resource Management Errors vulnerability in Kaspersky Anti-Virus and Kaspersky Internet Security

avp.exe in Kaspersky Internet Security 9.0.0.459 and Anti-Virus 9.0.0.463 allows remote attackers to cause a denial of service (CPU consumption and network connectivity loss) via an HTTP URL request that contains a large number of dot "." characters.

4.3
2009-08-25 CVE-2009-2965 Radvision Cross-Site Scripting vulnerability in Radvision Scopia 5.7

Cross-site scripting (XSS) vulnerability in entry/index.jsp in Radvision Scopia 5.7, and possibly other versions before SD 7.0.100, allows remote attackers to inject arbitrary web script or HTML via the page parameter.

4.3
2009-08-25 CVE-2009-2959 Buildbot Cross-Site Scripting vulnerability in Buildbot

Cross-site scripting (XSS) vulnerability in the waterfall web status view (status/web/waterfall.py) in Buildbot 0.7.6 through 0.7.11p1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-08-25 CVE-2008-7072 Chipmunk Scripts Cross-Site Scripting vulnerability in Chipmunk-Scripts Chipmunk Topsites

Cross-site scripting (XSS) vulnerability in index.php in Chipmunk Topsites allows remote attackers to inject arbitrary web script or HTML via the start parameter.

4.3
2009-08-24 CVE-2008-7061 Google Resource Management Errors vulnerability in Google Chrome 0.2.149.29

The tooltip manager (chrome/views/tooltip_manager.cc) in Google Chrome 0.2.149.29 Build 1798 and possibly other versions before 0.2.149.30 allows remote attackers to cause a denial of service (CPU consumption or crash) via a tag with a long title attribute, which is not properly handled when displaying a tooltip, a different vulnerability than CVE-2008-6994.

4.3
2009-08-24 CVE-2008-7060 ONE News Cross-Site Scripting vulnerability in One-News

Multiple cross-site scripting (XSS) vulnerabilities in One-News Beta 2 allow remote attackers to inject arbitrary HTML and web script via the (1) title or (2) content parameters in a news item to add.php, and the (3) itemnum, (4) author, or (5) comment parameters in a comment to index.php.

4.3
2009-08-24 CVE-2008-7057 Grayscalecms Cross-Site Scripting vulnerability in Grayscalecms Bandsite CMS 1.1.4

Cross-site scripting (XSS) vulnerability in merchandise.php in BandSite CMS 1.1.4 allows remote attackers to inject arbitrary HTML or web script via the type parameter.

4.3
2009-08-24 CVE-2008-7048 Natterchat Cross-Site Scripting vulnerability in Natterchat 1.12

Multiple cross-site scripting (XSS) vulnerabilities in NatterChat 1.12 allow remote attackers to inject arbitrary web script or HTML via the (1) txtUsername parameter to registerDo.asp, as invoked from register.asp, or (2) txtRoomName parameter to room_new.asp.

4.3
2009-08-24 CVE-2008-7043 Freshscripts Cross-Site Scripting vulnerability in Freshscripts Fresh Email Script 1.0/1.11

Cross-site scripting (XSS) vulnerability in register.php in FreshScripts Fresh Email Script 1.0 through 1.11 allows remote attackers to inject arbitrary web script or HTML via the Email parameter.

4.3
2009-08-24 CVE-2008-7039 Gelatocms Cross-Site Scripting vulnerability in Gelatocms 0.95

Cross-site scripting (XSS) vulnerability in admin/comments.php in Gelato CMS 0.95 allows remote attackers to inject arbitrary web script or HTML via the content parameter in a comment.

4.3
2009-08-24 CVE-2008-7036 E Xoops
Bcoos
Cross-Site Scripting vulnerability in multiple products

Multiple cross-site scripting (XSS) vulnerabilities in index.php in DevTracker module 3.0 for bcoos 1.1.11 and earlier, and DevTracker module 0.20 for E-XooPS 1.0.8 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) direction and (2) order_by parameters.

4.3
2009-08-24 CVE-2008-7035 Phpraider
Simple Machines
Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in an unspecified component in Simple Machines phpRaider 1.0.7 allows remote attackers to inject arbitrary web script or HTML via the resistance field.

4.3

1 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-08-27 CVE-2009-2977 Cisco Cryptographic Issues vulnerability in Cisco Cs-Mars

The Cisco Security Monitoring, Analysis and Response System (CS-MARS) 6.0.4 and earlier stores cleartext passwords in log/sysbacktrace.## files within error-logs.tar.gz archives, which allows context-dependent attackers to obtain sensitive information by reading these files.

3.3