Weekly Vulnerabilities Reports > August 31 to September 6, 2009
Overview
97 new vulnerabilities reported during this period, including 16 critical vulnerabilities and 20 high severity vulnerabilities. This weekly summary report vulnerabilities in 94 products from 84 vendors including Opera, Mozilla, Joomla, EYE FI, and Microfocus. Vulnerabilities are notably categorized as "Cross-site Scripting", "SQL Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", and "Code Injection".
- 97 reported vulnerabilities are remotely exploitables.
- 24 reported vulnerabilities have public exploit available.
- 42 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 95 reported vulnerabilities are exploitable by an anonymous user.
- Opera has the most reported vulnerabilities, with 7 reported vulnerabilities.
- Openoffice has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
16 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-09-04 | CVE-2008-7164 | RYO OH KI | Unspecified vulnerability in Ryo-Oh-Ki Shareaza 2.0.0.0/2.2.0.0/2.2.1.0 Multiple unspecified vulnerabilities in Shareaza before 2.3.1.0 have unknown impact and attack vectors related to "very important security fixes," possibly involving update notifications and a domain that is no longer controlled by the vendor. | 10.0 |
2009-09-02 | CVE-2009-3050 | Htmldoc | Buffer Errors vulnerability in Htmldoc 1.8.24/1.8.25/1.8.26 Buffer overflow in the set_page_size function in util.cxx in HTMLDOC 1.8.27 and earlier allows context-dependent attackers to execute arbitrary code via a long MEDIA SIZE comment. | 10.0 |
2009-09-02 | CVE-2008-7158 | Numarasoftware | OS Command Injection vulnerability in Numarasoftware Footprints Numara FootPrints 7.5a through 7.5a1 and 8.0 through 8.0a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) transcriptFile parameter to MRcgi/MRchat.pl or (2) LOADFILE parameter to MRcgi/MRABLoad2.pl. | 10.0 |
2009-09-01 | CVE-2008-7149 | Agilewiki | Remote Security vulnerability in Agilewiki Unspecified vulnerability in AgileWiki before 0.10.1 has unknown impact and attack vectors related to passwords. | 10.0 |
2009-09-01 | CVE-2008-7148 | Synfig | Remote Security vulnerability in Synfigstudio Unspecified vulnerability in Synfig Animation Studio before 0.61.08 allows attackers to execute arbitrary code via a crafted .sif file. | 10.0 |
2009-09-01 | CVE-2008-7144 | Rarlab | Remote Security vulnerability in WinRar Multiple unspecified vulnerabilities in RARLAB WinRAR before 3.71 have unknown impact and attack vectors related to crafted (1) ACE, (2) ARJ, (3) BZ2, (4) CAB, (5) GZ, (6) LHA, (7) RAR, (8) TAR, or (9) ZIP files, as demonstrated by the OUSPG PROTOS GENOME test suite for Archive Formats. | 10.0 |
2009-08-31 | CVE-2008-7126 | Microfocus | Numeric Errors vulnerability in Microfocus Visibroker Integer overflow in osagent.exe in Borland VisiBroker Smart Agent 08.00.00.C1.03 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet with a large string length value to UDP port 14000, which triggers a heap-based buffer overflow. | 10.0 |
2009-08-31 | CVE-2008-7122 | Evansprogramming | Insecure Method And Buffer Overflow vulnerability in Registry Pro 'epRegPro.ocx' ActiveX Control Multiple insecure method vulnerabilities in an ActiveX control in (epRegPro.ocx) in Evans Programming Registry Pro allow remote attackers to read and modify sensitive registry keys via the (1) About, (2) CreateKey, (3) DeleteBranch, (4) DeleteKey, (5) DeleteValue, (6) EnumKeys, (7) EnumValues, (8) QueryType, (9) QueryValue, (10) RenameKey, and (11) SetValue methods. | 10.0 |
2009-09-04 | CVE-2009-2946 | Devscripts Devel Team Debian | Unspecified vulnerability in Devscripts Devel Team Devscripts Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote attackers to execute arbitrary Perl code via crafted pathnames on distribution servers for upstream source code used in Debian GNU/Linux packages. | 9.3 |
2009-09-04 | CVE-2009-3068 | Adobe | Permissions, Privileges, and Access Controls vulnerability in Adobe Robohelp Server 8 Unrestricted file upload vulnerability in the RoboHelpServer Servlet (robohelp/server) in Adobe RoboHelp Server 8 allows remote attackers to execute arbitrary code by uploading a Java Archive (.jsp) file during a PUBLISH action, then accessing it via a direct request to the file in the robohelp/robo/reserved/web directory under its sessionid subdirectory, as demonstrated by the vd_adobe module in VulnDisco Pack Professional 8.7 through 8.11. | 9.3 |
2009-09-04 | CVE-2008-7162 | Heroshare | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Heroshare Hero Super Player 3000 Buffer overflow in Hero Super Player 3000 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename in a .M3U file. | 9.3 |
2009-09-03 | CVE-2009-3058 | Aksoft | Buffer Errors vulnerability in Aksoft Akplayer 1.9.0 Stack-based buffer overflow in akPlayer 1.9.0 allows remote attackers to execute arbitrary code via a long string in a .plt playlist file. | 9.3 |
2009-09-02 | CVE-2009-0201 | Openoffice | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Openoffice Openoffice.Org Heap-based buffer overflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via unspecified records in a crafted Word document, related to "table parsing." | 9.3 |
2009-09-02 | CVE-2009-0200 | Openoffice | Numeric Errors vulnerability in Openoffice Openoffice.Org Integer underflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow. | 9.3 |
2009-09-01 | CVE-2009-3037 | IBM Symantec Autonomy | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Buffer overflow in xlssr.dll in the Autonomy KeyView XLS viewer (aka File Viewer for Excel), as used in IBM Lotus Notes 5.x through 8.5.x, Symantec Mail Security, Symantec BrightMail Appliance, Symantec Data Loss Prevention (DLP), and other products, allows remote attackers to execute arbitrary code via a crafted .xls spreadsheet attachment. | 9.3 |
2009-08-31 | CVE-2008-7125 | Ariadne CMS | OS Command Injection vulnerability in Ariadne-Cms Ariadne CMS 2.4 pphoto in Ariadne before 2.6 allows remote authenticated users with certain privileges to execute arbitrary shell commands via vectors related to PINP programs and the annotate command. | 9.0 |
20 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-09-04 | CVE-2009-3082 | Snowhall | SQL Injection vulnerability in Snowhall Silurus System 1.0 SQL injection vulnerability in wcategory.php in Snow Hall Silurus System 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | 7.5 |
2009-09-04 | CVE-2009-3081 | Uiga | SQL Injection vulnerability in Uiga Church Portal SQL injection vulnerability in index.php in Uiga Church Portal allows remote attackers to execute arbitrary SQL commands via the month parameter in a calendar action. | 7.5 |
2009-09-04 | CVE-2008-7161 | Fortinet | Permissions, Privileges, and Access Controls vulnerability in Fortinet Fortigate-1000 3.00 Fortinet FortiGuard Fortinet FortiGate-1000 3.00 build 040075,070111 allows remote attackers to bypass URL filtering via fragmented GET or POST requests that use HTTP/1.0 without the Host header. | 7.5 |
2009-09-03 | CVE-2009-3065 | Rein Velt | Code Injection vulnerability in Rein Velt Vedit 01.4 PHP remote file inclusion vulnerability in editor/edit_htmlarea.php in Ve-EDIT 0.1.4 allows remote attackers to execute arbitrary PHP code via a URL in the highlighter parameter. | 7.5 |
2009-09-03 | CVE-2009-3064 | Rein Velt | Path Traversal vulnerability in Rein Velt Vedit 01.4 Directory traversal vulnerability in debugger/debug_php.php in Ve-EDIT 0.1.4 allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2009-09-03 | CVE-2009-3063 | Joomla Indianpulses | SQL Injection vulnerability in Indianpulses COM Gameserver 1.0 SQL injection vulnerability in the Game Server (com_gameserver) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a gamepanel action to index.php. | 7.5 |
2009-09-03 | CVE-2009-3062 | Phplivesupport | SQL Injection vulnerability in PHPlivesupport. PHPlive! 3.3 SQL injection vulnerability in message_box.php in OSI Codes PHP Live! 3.3 allows remote attackers to execute arbitrary SQL commands via the deptid parameter. | 7.5 |
2009-09-03 | CVE-2009-3061 | Alqa6Ari | SQL Injection vulnerability in Alqa6Ari Script Q R 1.0 SQL injection vulnerability in lesson.php in Alqatari Q R Script 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2009-09-03 | CVE-2009-3059 | Allpublication | SQL Injection vulnerability in Allpublication Jboard Multiple SQL injection vulnerabilities in Joker Board (aka JBoard) 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) core/select.php or (2) the city parameter to top_add.inc.php, reachable through sboard.php. | 7.5 |
2009-09-03 | CVE-2009-3056 | BAS Bloemsaat | Code Injection vulnerability in BAS Bloemsaat Kingcms 0.6.0 PHP remote file inclusion vulnerability in include/engine/content/elements/menu.php in KingCMS 0.6.0 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[AdminPath] parameter. | 7.5 |
2009-09-03 | CVE-2009-3055 | Dlecms | Code Injection vulnerability in Dlecms DLE 8.2 PHP remote file inclusion vulnerability in engine/api/api.class.php in DataLife Engine (DLE) 8.2 allows remote attackers to execute arbitrary PHP code via a URL in the dle_config_api parameter. | 7.5 |
2009-09-03 | CVE-2009-3054 | Joomla Artetics | SQL Injection vulnerability in Artetics COM Artportal 1.0 SQL injection vulnerability in the Artetics.com Art Portal (com_artportal) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the portalid parameter to index.php. | 7.5 |
2009-09-02 | CVE-2009-3046 | Opera | Improper Certificate Validation vulnerability in Opera Browser Opera before 10.00 does not check all intermediate X.509 certificates for revocation, which makes it easier for remote SSL servers to bypass validation of the certificate chain via a revoked certificate. | 7.5 |
2009-09-02 | CVE-2008-7155 | Phprisk | Permissions, Privileges, and Access Controls vulnerability in PHPrisk Netrisk 1.9.7 NetRisk 1.9.7 does not properly restrict access to admin/change_submit.php, which allows remote attackers to change the password of arbitrary users via a direct request. | 7.5 |
2009-09-02 | CVE-2008-7153 | Docebo | SQL Injection vulnerability in Docebo SQL injection vulnerability in the autoDetectRegion function in doceboCore/lib/lib.regset.php in Docebo 3.5.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Accept-Language HTTP header. | 7.5 |
2009-09-01 | CVE-2009-3041 | Spip | Permissions, Privileges, and Access Controls vulnerability in Spip SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper access control for (1) ecrire/exec/install.php and (2) ecrire/index.php, which allows remote attackers to conduct unauthorized activities related to installation and backups, as exploited in the wild in August 2009. | 7.5 |
2009-09-01 | CVE-2008-7145 | Coronamatrix | SQL Injection vulnerability in Coronamatrix PHPaddressbook 2.0 Multiple SQL injection vulnerabilities in index.php in CoronaMatrix phpAddressBook 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) parameters. | 7.5 |
2009-08-31 | CVE-2008-7128 | Xyssl | Permissions, Privileges, and Access Controls vulnerability in Xyssl The ssl_parse_client_key_exchange function in XySSL before 0.9 does not protect against certain Bleichenbacher attacks using chosen ciphertext, which allows remote attackers to recover keys via unspecified vectors. | 7.5 |
2009-08-31 | CVE-2008-7124 | Zkup | Improper Authentication vulnerability in Zkup zKup CMS 2.0 through 2.3 does not require administrative authentication for admin/configuration/modifier.php, which allows remote attackers to gain administrator privileges via a direct request, as demonstrated by adding a new administrator. | 7.5 |
2009-08-31 | CVE-2009-3020 | Microsoft | Denial-Of-Service vulnerability in Windows Server 2003 Enterprise Edition Itanium win32k.sys in Microsoft Windows Server 2003 SP2 allows remote attackers to cause a denial of service (system crash) by referencing a crafted .eot file in the src descriptor of an @font-face Cascading Style Sheets (CSS) rule in an HTML document, possibly related to the Embedded OpenType (EOT) Font Engine, a different vulnerability than CVE-2006-0010, CVE-2009-0231, and CVE-2009-0232. | 7.1 |
61 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-09-04 | CVE-2009-2697 | Gnome Redhat | Improper Authentication vulnerability in Gnome GDM The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079. | 6.8 |
2009-09-04 | CVE-2008-7165 | Alice | Cross-Site Request Forgery (CSRF) vulnerability in Alice Gate2 Plus Wi-Fi Cross-site request forgery in cp06_wifi_m_nocifr.cgi in the administrator panel in TELECOM ITALIA Alice Gate2 Plus Wi-Fi allows remote attackers to hijack the authentication of administrators for requests that disable Wi-Fi encryption via certain values for the wlChannel and wlRadioEnable parameters. | 6.8 |
2009-09-04 | CVE-2008-7163 | Sinecms | Path Traversal vulnerability in Sinecms Directory traversal vulnerability in mods/Integrated/index.php in SineCMS 2.3.5 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the sine[config][index_main] parameter. | 6.8 |
2009-09-03 | CVE-2009-3053 | Joomla Jvitals | Path Traversal vulnerability in Jvitals COM Agora 3.0.0B Directory traversal vulnerability in the Agora (com_agora) component 3.0.0b for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter to the avatars page, reachable through index.php. | 6.8 |
2009-09-02 | CVE-2008-7157 | Ekinboard | Permissions, Privileges, and Access Controls vulnerability in Ekinboard Unrestricted file upload vulnerability in EkinBoard 1.1.0 and earlier allows remote attackers to execute arbitrary code by uploading an avatar file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in uploaded/avatars/. | 6.8 |
2009-09-02 | CVE-2008-7156 | Ekinboard | Improper Authentication vulnerability in Ekinboard EkinBoard 1.1.0 and earlier, when register_globals is enabled, allows remote attackers to bypass authorization and gain administrator privileges by setting the _groups[] parameter to 2, as demonstrated via backup.php. | 6.8 |
2009-09-02 | CVE-2009-2957 | Thekelleys | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Thekelleys Dnsmasq Heap-based buffer overflow in the tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, might allow remote attackers to execute arbitrary code via a long filename in a TFTP packet, as demonstrated by a read (aka RRQ) request. | 6.8 |
2009-09-01 | CVE-2008-7152 | Simon Rycroft | Code Injection vulnerability in Simon Rycroft SID Multiple PHP remote file inclusion vulnerabilities in Specimen Image Database (SID), when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the dir parameter to (1) client.php or (2) taxonservice.php. | 6.8 |
2009-09-01 | CVE-2008-7151 | Gurpartap Singh Drupal | Cross-Site Request Forgery (CSRF) vulnerability in Gurpartap Singh Live 5.X1.Xdev Cross-site request forgery (CSRF) vulnerability in Live 5.x before 5.x-0.1, a module for Drupal, allows remote attackers to hijack the authentication of unspecified privileged users for requests that can be leveraged to execute arbitrary PHP code. | 6.8 |
2009-09-01 | CVE-2008-7143 | Phpbb | Information Exposure vulnerability in PHPbb 2.0.23 phpBB 2.0.23 includes the session ID in a request to modcp.php when the moderator or administrator closes a thread, which allows remote attackers to hijack the session via a post in the thread containing a URL to a remotely hosted image, which might include the session ID in the Referer header. | 6.8 |
2009-09-01 | CVE-2008-7139 | EYE FI | Cross-Site Request Forgery (CSRF) vulnerability in Eye.Fi Eye-Fi Manager 1.1.2 Multiple cross-site request forgery (CSRF) vulnerabilities in WS-Proxy in Eye-Fi 1.1.2 allow remote attackers to hijack the authentication of users for requests that modify configuration via a SOAPAction parameter of (1) urn:SetOptions for autostart, (2) urn:SetDesktopSync for file upload, or (3) urn:SetFolderConfig for file download location or modification of authentication credentials; and (4) urn:AddNetwork for adding an arbitrary Service Set Identifier (SSID) to hijack the image upload. | 6.8 |
2009-08-31 | CVE-2008-7131 | Peter Kohlmann | Security Bypass vulnerability in DB2 Monitoring Console Unspecified vulnerability in DB2 Monitoring Console 2.2.4 and earlier allows remote attackers to gain access to a database via a link to a victim who is already connected to the database. | 6.8 |
2009-08-31 | CVE-2008-7123 | Zkup | Code Injection vulnerability in Zkup Static code injection vulnerability in admin/configuration/modifier.php in zKup CMS 2.0 through 2.3 allows remote attackers to inject arbitrary PHP code into fichiers/config.php via a null byte (%00) in the login parameter in an ajout action, which bypasses the regular expression check. | 6.8 |
2009-09-03 | CVE-2009-3052 | Phpbb Absoluteanime | SQL Injection vulnerability in Absoluteanime Prime Quick Style 1.2.3 SQL injection vulnerability in root/includes/prime_quick_style.php in the Prime Quick Style addon before 1.2.3 for phpBB 3 allows remote authenticated users to execute arbitrary SQL commands via the prime_quick_style parameter to ucp.php. | 6.5 |
2009-08-31 | CVE-2009-3022 | ITD INC | Cross-Site Request Forgery (CSRF) vulnerability in Itd-Inc Bingo!Cms 1.0/1.1/1.2 Cross-site request forgery (CSRF) vulnerability in bingo!CMS 1.2 and earlier allows remote attackers to hijack the authentication of other users for requests that modify configuration or change content via unspecified vectors. | 6.5 |
2009-09-04 | CVE-2008-7166 | Bittorrent Utorrent | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Buffer overflow in the web interface in BitTorrent 6.0.1 (build 7859) and earlier, and uTorrent 1.7.6 (build 7859) and earlier, allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted Range header. | 5.0 |
2009-09-02 | CVE-2009-3049 | Opera | Remote Security vulnerability in Opera Web Browser Opera before 10.00 does not properly display all characters in Internationalized Domain Names (IDN) in the address bar, which allows remote attackers to spoof URLs and conduct phishing attacks, related to Unicode and Punycode. | 5.0 |
2009-09-02 | CVE-2009-3045 | Opera | Cryptographic Issues vulnerability in Opera Browser Opera before 10.00 trusts root X.509 certificates signed with the MD2 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted server certificate. | 5.0 |
2009-09-02 | CVE-2009-3044 | Opera | Cryptographic Issues vulnerability in Opera Browser Opera before 10.00 does not properly handle a (1) '\0' character or (2) invalid wildcard character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | 5.0 |
2009-09-02 | CVE-2009-2968 | Vmware | Path Traversal vulnerability in VMWare Studio 2.0 Directory traversal vulnerability in a support component in the web interface in VMware Studio 2.0 public beta before build 1017-185256 allows remote attackers to upload files to arbitrary locations via unspecified vectors. | 5.0 |
2009-09-02 | CVE-2008-7154 | Docebo | Information Exposure vulnerability in Docebo Docebo 3.5.0.3 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) class/class.conf_fw.php, (2) class.module/class.event_manager.php, (3) lib/lib.domxml5.php, or (4) menu/menu_over.php in doceboCore/; or (5) class/class.conf_cms.php, (6) lib/lib.compose.php, (7) modules/chat/teleskill.php, or (8) class/class.admin_menu_cms.php in doceboCms/; which reveals the installation path in an error message. | 5.0 |
2009-09-01 | CVE-2008-7146 | Intralearn | Information Exposure vulnerability in Intralearn 2.1 IntraLearn Software IntraLearn 2.1, and possibly other versions before 4.2.3, allows remote attackers to obtain sensitive information via a direct request to (1) Knowledge_Impact_Course.htm, (2) LRN-formatted_Course.htm, or (3) Create_Course.htm in help/1/Instructor/, which reveals the installation path in an error message. | 5.0 |
2009-09-01 | CVE-2008-7142 | Cpanel | Path Traversal vulnerability in Cpanel 11.18.3 Absolute path traversal vulnerability in the Disk Usage module (frontend/x/diskusage/index.html) in cPanel 11.18.3 allows remote attackers to list arbitrary directories via the showtree parameter. | 5.0 |
2009-09-01 | CVE-2008-7138 | EYE FI | Cryptographic Issues vulnerability in Eye.Fi Eye-Fi Manager 1.1.2 The Manager in Eye-Fi 1.1.2 generates predictable snonce values based on the time of day, which allows remote attackers to bypass authentication and upload arbitrary images by guessing the snonce. | 5.0 |
2009-09-01 | CVE-2008-7137 | EYE FI | Multiple Security vulnerability in Eye.Fi Eye-Fi Manager 1.1.2 WS-Proxy in Eye-Fi 1.1.2 allows remote attackers to cause a denial of service (crash) via an empty query string to port 59278 and other unspecified vectors. | 5.0 |
2009-08-31 | CVE-2009-3026 | Pidgin | Cryptographic Issues vulnerability in Pidgin 2.6.0 protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption and allows remote attackers to sniff sessions. | 5.0 |
2009-08-31 | CVE-2009-2944 | Ikiwiki | Information Disclosure vulnerability in ikiwiki 'teximg' Plugin Insecure TeX Commands Incomplete blacklist vulnerability in the teximg plugin in ikiwiki before 3.1415926 and 2.x before 2.53.4 allows context-dependent attackers to read arbitrary files via crafted TeX commands. | 5.0 |
2009-08-31 | CVE-2009-3019 | Microsoft | Code Injection vulnerability in Microsoft Internet Explorer 6/7 Microsoft Internet Explorer 6 on Windows XP SP2 and SP3, and Internet Explorer 7 on Vista, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls createElement to create an instance of the LI element, and then calls setAttribute to set the value attribute. | 5.0 |
2009-08-31 | CVE-2008-7130 | Peter Kohlmann | Security Bypass vulnerability in DB2 Monitoring Console Unspecified vulnerability in DB2 Monitoring Console 2.2.4 and earlier allows remote attackers to upload arbitrary files via unknown vectors. | 5.0 |
2009-08-31 | CVE-2008-7129 | Xyssl | Resource Management Errors vulnerability in Xyssl XySSL before 0.9 allows remote attackers to cause a denial of service (infinite loop) via an X.509 certificate that does not pass the RSA signature check during verification. | 5.0 |
2009-08-31 | CVE-2008-7127 | Microfocus | Resource Management Errors vulnerability in Microfocus Visibroker osagent.exe in Borland VisiBroker Smart Agent 08.00.00.C1.03 and earlier allows remote attackers to cause a denial of service (crash) via a crafted packet with a large string length value to UDP port 14000, which triggers a memory allocation failure that is not properly handled. | 5.0 |
2009-09-03 | CVE-2009-3067 | Webformatique | Cross-Site Scripting vulnerability in Webformatique Reservation Manager Cross-site scripting (XSS) vulnerability in index.php in Reservation Manager allows remote attackers to inject arbitrary web script or HTML via the resman_startdate parameter. | 4.3 |
2009-09-03 | CVE-2009-3066 | Propertywatchscript | Cross-Site Scripting vulnerability in Propertywatchscript Property Watch 2.0 Multiple cross-site scripting (XSS) vulnerabilities in PropertyWatchScript.com Property Watch 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) videoid parameter to tools/email.php and (2) redirect parameter to tools/login.php. | 4.3 |
2009-09-03 | CVE-2009-3060 | Allpublication | Cross-Site Scripting vulnerability in Allpublication Jboard Multiple cross-site scripting (XSS) vulnerabilities in Joker Board (aka JBoard) 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the notice parameter to editform.php, (2) the edit_user_message parameter to core/edit_user_message.php, or (3) the user_title parameter to inc/head.inc.php, reachable through any PHP script. | 4.3 |
2009-09-03 | CVE-2009-3057 | AOM Software | Cross-Site Scripting vulnerability in Aom-Software Beex 3 Multiple cross-site scripting (XSS) vulnerabilities in AOM Software Beex 3 allow remote attackers to inject arbitrary web script or HTML via the navaction parameter to (1) news.php and (2) partneralle.php. | 4.3 |
2009-09-02 | CVE-2009-3048 | Opera Conectiva Freebsd SUN | Improper Input Validation vulnerability in Opera Browser Opera before 10.00 on Linux, Solaris, and FreeBSD does not properly implement the "INPUT TYPE=file" functionality, which allows remote attackers to trick a user into uploading an unintended file via vectors involving a "dropped file." | 4.3 |
2009-09-02 | CVE-2009-3047 | Opera | Remote Security vulnerability in Opera Web Browser Opera before 10.00, when a collapsed address bar is used, does not properly update the domain name from the previously visited site to the currently visited site, which might allow remote attackers to spoof URLs. | 4.3 |
2009-09-02 | CVE-2009-2700 | QT | Improper Input Validation vulnerability in QT src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | 4.3 |
2009-09-02 | CVE-2009-2958 | Thekelleys | Resource Management Errors vulnerability in Thekelleys Dnsmasq The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TFTP read (aka RRQ) request with a malformed blksize option. | 4.3 |
2009-09-01 | CVE-2009-3038 | IBM RIM | Denial-Of-Service vulnerability in Lotus Notes Connector A certain ActiveX control in lnresobject.dll 7.1.1.119 in the Research In Motion (RIM) Lotus Notes connector for BlackBerry Desktop Manager 5.0.0.11 allows remote attackers to cause a denial of service (Internet Explorer crash) by referencing the control's CLSID in the classid attribute of an OBJECT element. | 4.3 |
2009-09-01 | CVE-2008-7150 | Drupal BER Kessels | Cross-Site Scripting vulnerability in BER Kessels Refine BY Taxo 5.X1.Xdev Cross-site scripting (XSS) vulnerability in Refine by Taxonomy 5.x before 5.x-0.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a taxonomy term, which is not properly handled by refine_by_taxo when displaying tags. | 4.3 |
2009-09-01 | CVE-2008-7147 | Intralearn | Cross-Site Scripting vulnerability in Intralearn 2.1/4.2 Multiple cross-site scripting (XSS) vulnerabilities in IntraLearn Software IntraLearn 2.1, and possibly other versions before 4.2.3, allow remote attackers to inject arbitrary web script or HTML via the (1) outline and (2) course parameters to library/description_link.cfm, or the (3) records_to_display and (4) the_start parameters to library/courses_catalog.cfm. | 4.3 |
2009-09-01 | CVE-2008-7141 | Alexphpteam | Cross-Site Scripting vulnerability in Alexphpteam @Lex Poll 2.1 Cross-site scripting (XSS) vulnerability in setup.php in @lex Poll 2.1 allows remote attackers to inject arbitrary web script or HTML via the language_setup parameter. | 4.3 |
2009-09-01 | CVE-2008-7140 | Alexguestbook | Cross-Site Scripting vulnerability in Alexguestbook @Lex Guestbook Multiple cross-site scripting (XSS) vulnerabilities in @lex Guestbook 4.0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) language_setup parameter to setup.php or (2) test parameter to index.php. | 4.3 |
2009-09-01 | CVE-2008-7136 | ICQ | Improper Input Validation vulnerability in ICQ Toolbar 2.3 toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers to cause a denial of service (toolbar crash) via a long argument to the (1) RequestURL, (2) GetPropertyById, or (3) SetPropertyById method, different vectors than CVE-2008-7135. | 4.3 |
2009-09-01 | CVE-2008-7135 | ICQ | Improper Input Validation vulnerability in ICQ Toolbar 2.3 toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers to cause a denial of service (toolbar crash) via a long argument to the IsChecked method, a different vector than CVE-2008-7136. | 4.3 |
2009-09-01 | CVE-2008-7134 | Redgalaxy | Cross-Site Scripting vulnerability in Redgalaxy Download Center 1.2 Multiple cross-site scripting (XSS) vulnerabilities in the default URI in Chris LaPointe RedGalaxy Download Center 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter, (2) message parameter in a login action, (3) category parameter in a browse action, (4) now parameter, or (5) search parameter in a search_results action. | 4.3 |
2009-09-01 | CVE-2008-7133 | Onlinetools | Cross-Site Scripting vulnerability in Onlinetools Easyimagecatalogue 1.3.1 Multiple cross-site scripting (XSS) vulnerabilities in onlinetools.org EasyImageCatalogue 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) search and (2) d index.php parameters to index.php, (3) dir parameter to thumber.php, and the d parameter to (4) describe.php and (5) addcomment.php. | 4.3 |
2009-09-01 | CVE-2008-7132 | Nuked Klan | Cross-Site Scripting vulnerability in Nuked-Klan 1.3Beta Cross-site scripting (XSS) vulnerability in index.php in Nuked-Klan 1.3 beta allows remote attackers to inject arbitrary web script or HTML via the nuked_nude parameter. | 4.3 |
2009-08-31 | CVE-2009-3025 | Pidgin | Unspecified vulnerability in Pidgin 2.6.0 Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to cause a denial of service (crash) via a link in a Yahoo IM. | 4.3 |
2009-08-31 | CVE-2009-3024 | IO Socket SSL | Cryptographic Issues vulnerability in Io-Socket-Ssl The verify_hostname_of_cert function in the certificate checking feature in IO-Socket-SSL (IO::Socket::SSL) 1.14 through 1.25 only matches the prefix of a hostname when no wildcard is used, which allows remote attackers to bypass the hostname check for a certificate. | 4.3 |
2009-08-31 | CVE-2009-3021 | Yoshinori Tahara Geeklog | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in Site Calendar 'mycaljp' plugin 2.0.0 through 2.0.6, as used in the Japanese extended package of Geeklog 1.5.0 through 1.5.2 and when distributed 20090629 or earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-08-31 | CVE-2009-3018 | Maxthon | Cross-Site Scripting vulnerability in Maxthon Browser 3.0.0.145 Maxthon Browser 3.0.0.145 Alpha with Ultramode does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2) entering a javascript: URI when specifying the content of a Refresh header, (3) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, or (4) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header; does not properly block data: URIs in Location headers in HTTP responses, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (5) injecting a Location header that contains JavaScript sequences in a data:text/html URI or (6) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header; and does not properly handle javascript: URIs in HTML links within (a) 301 and (b) 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (7) injecting a Location HTTP response header or (8) specifying the content of a Location HTTP response header. | 4.3 |
2009-08-31 | CVE-2009-3017 | Orcabrowser | Cross-Site Scripting vulnerability in Orcabrowser Orca Browser 1.2 Orca Browser 1.2 build 5 does not properly block data: URIs in Refresh and Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header, (3) injecting a Location header that contains JavaScript sequences in a data:text/html URI, or (4) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header; and does not properly handle javascript: URIs in HTML links within 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (5) injecting a Location HTTP response header or (6) specifying the content of a Location HTTP response header. | 4.3 |
2009-08-31 | CVE-2009-3016 | Apple | Cross-Site Scripting vulnerability in Apple Safari 4.0.3 Apple Safari 4.0.3 does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2) entering a javascript: URI when specifying the content of a Refresh header, (3) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, or (4) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. | 4.3 |
2009-08-31 | CVE-2009-3015 | Qtweb | Cross-Site Scripting vulnerability in Qtweb 3.0 QtWeb 3.0 Builds 001 and 003 does not properly block javascript: and data: URIs in Refresh and Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2) entering a javascript: URI when specifying the content of a Refresh header, (3) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, (4) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header, (5) injecting a Location header that contains JavaScript sequences in a data:text/html URI, or (6) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header. | 4.3 |
2009-08-31 | CVE-2009-3014 | Mozilla | Cross-Site Scripting vulnerability in Mozilla Firefox, Mozilla and Seamonkey Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly handle javascript: URIs in HTML links within 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location HTTP response header or (2) specifying the content of a Location HTTP response header. | 4.3 |
2009-08-31 | CVE-2009-3013 | Opera | Cross-Site Scripting vulnerability in Opera Browser Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header. | 4.3 |
2009-08-31 | CVE-2009-3012 | Mozilla | Cross-Site Scripting vulnerability in Mozilla Firefox Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header. | 4.3 |
2009-08-31 | CVE-2009-3011 | Cross-Site Scripting vulnerability in Google Chrome Google Chrome 1.0.154.48 and earlier, 2.0.172.28, 2.0.172.37, and 3.0.193.2 Beta does not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. | 4.3 | |
2009-08-31 | CVE-2009-3010 | Mozilla | Cross-Site Scripting vulnerability in Mozilla Firefox, Mozilla and Seamonkey Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. | 4.3 |
0 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|