Weekly Vulnerabilities Reports > August 31 to September 6, 2009

Overview

97 new vulnerabilities reported during this period, including 16 critical vulnerabilities and 20 high severity vulnerabilities. This weekly summary report vulnerabilities in 94 products from 84 vendors including Opera, Mozilla, Joomla, EYE FI, and Microfocus. Vulnerabilities are notably categorized as "Cross-site Scripting", "SQL Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", and "Code Injection".

  • 97 reported vulnerabilities are remotely exploitables.
  • 24 reported vulnerabilities have public exploit available.
  • 42 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 95 reported vulnerabilities are exploitable by an anonymous user.
  • Opera has the most reported vulnerabilities, with 7 reported vulnerabilities.
  • Openoffice has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

16 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-09-04 CVE-2008-7164 RYO OH KI Unspecified vulnerability in Ryo-Oh-Ki Shareaza 2.0.0.0/2.2.0.0/2.2.1.0

Multiple unspecified vulnerabilities in Shareaza before 2.3.1.0 have unknown impact and attack vectors related to "very important security fixes," possibly involving update notifications and a domain that is no longer controlled by the vendor.

10.0
2009-09-02 CVE-2009-3050 Htmldoc Buffer Errors vulnerability in Htmldoc 1.8.24/1.8.25/1.8.26

Buffer overflow in the set_page_size function in util.cxx in HTMLDOC 1.8.27 and earlier allows context-dependent attackers to execute arbitrary code via a long MEDIA SIZE comment.

10.0
2009-09-02 CVE-2008-7158 Numarasoftware OS Command Injection vulnerability in Numarasoftware Footprints

Numara FootPrints 7.5a through 7.5a1 and 8.0 through 8.0a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) transcriptFile parameter to MRcgi/MRchat.pl or (2) LOADFILE parameter to MRcgi/MRABLoad2.pl.

10.0
2009-09-01 CVE-2008-7149 Agilewiki Remote Security vulnerability in Agilewiki

Unspecified vulnerability in AgileWiki before 0.10.1 has unknown impact and attack vectors related to passwords.

10.0
2009-09-01 CVE-2008-7148 Synfig Remote Security vulnerability in Synfigstudio

Unspecified vulnerability in Synfig Animation Studio before 0.61.08 allows attackers to execute arbitrary code via a crafted .sif file.

10.0
2009-09-01 CVE-2008-7144 Rarlab Remote Security vulnerability in WinRar

Multiple unspecified vulnerabilities in RARLAB WinRAR before 3.71 have unknown impact and attack vectors related to crafted (1) ACE, (2) ARJ, (3) BZ2, (4) CAB, (5) GZ, (6) LHA, (7) RAR, (8) TAR, or (9) ZIP files, as demonstrated by the OUSPG PROTOS GENOME test suite for Archive Formats.

10.0
2009-08-31 CVE-2008-7126 Microfocus Numeric Errors vulnerability in Microfocus Visibroker

Integer overflow in osagent.exe in Borland VisiBroker Smart Agent 08.00.00.C1.03 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet with a large string length value to UDP port 14000, which triggers a heap-based buffer overflow.

10.0
2009-08-31 CVE-2008-7122 Evansprogramming Insecure Method And Buffer Overflow vulnerability in Registry Pro 'epRegPro.ocx' ActiveX Control

Multiple insecure method vulnerabilities in an ActiveX control in (epRegPro.ocx) in Evans Programming Registry Pro allow remote attackers to read and modify sensitive registry keys via the (1) About, (2) CreateKey, (3) DeleteBranch, (4) DeleteKey, (5) DeleteValue, (6) EnumKeys, (7) EnumValues, (8) QueryType, (9) QueryValue, (10) RenameKey, and (11) SetValue methods.

10.0
2009-09-04 CVE-2009-2946 Devscripts Devel Team
Debian
Unspecified vulnerability in Devscripts Devel Team Devscripts

Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote attackers to execute arbitrary Perl code via crafted pathnames on distribution servers for upstream source code used in Debian GNU/Linux packages.

9.3
2009-09-04 CVE-2009-3068 Adobe Permissions, Privileges, and Access Controls vulnerability in Adobe Robohelp Server 8

Unrestricted file upload vulnerability in the RoboHelpServer Servlet (robohelp/server) in Adobe RoboHelp Server 8 allows remote attackers to execute arbitrary code by uploading a Java Archive (.jsp) file during a PUBLISH action, then accessing it via a direct request to the file in the robohelp/robo/reserved/web directory under its sessionid subdirectory, as demonstrated by the vd_adobe module in VulnDisco Pack Professional 8.7 through 8.11.

9.3
2009-09-04 CVE-2008-7162 Heroshare Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Heroshare Hero Super Player 3000

Buffer overflow in Hero Super Player 3000 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename in a .M3U file.

9.3
2009-09-03 CVE-2009-3058 Aksoft Buffer Errors vulnerability in Aksoft Akplayer 1.9.0

Stack-based buffer overflow in akPlayer 1.9.0 allows remote attackers to execute arbitrary code via a long string in a .plt playlist file.

9.3
2009-09-02 CVE-2009-0201 Openoffice Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Openoffice Openoffice.Org

Heap-based buffer overflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via unspecified records in a crafted Word document, related to "table parsing."

9.3
2009-09-02 CVE-2009-0200 Openoffice Numeric Errors vulnerability in Openoffice Openoffice.Org

Integer underflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow.

9.3
2009-09-01 CVE-2009-3037 IBM
Symantec
Autonomy
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Buffer overflow in xlssr.dll in the Autonomy KeyView XLS viewer (aka File Viewer for Excel), as used in IBM Lotus Notes 5.x through 8.5.x, Symantec Mail Security, Symantec BrightMail Appliance, Symantec Data Loss Prevention (DLP), and other products, allows remote attackers to execute arbitrary code via a crafted .xls spreadsheet attachment.

9.3
2009-08-31 CVE-2008-7125 Ariadne CMS OS Command Injection vulnerability in Ariadne-Cms Ariadne CMS 2.4

pphoto in Ariadne before 2.6 allows remote authenticated users with certain privileges to execute arbitrary shell commands via vectors related to PINP programs and the annotate command.

9.0

20 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-09-04 CVE-2009-3082 Snowhall SQL Injection vulnerability in Snowhall Silurus System 1.0

SQL injection vulnerability in wcategory.php in Snow Hall Silurus System 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.

7.5
2009-09-04 CVE-2009-3081 Uiga SQL Injection vulnerability in Uiga Church Portal

SQL injection vulnerability in index.php in Uiga Church Portal allows remote attackers to execute arbitrary SQL commands via the month parameter in a calendar action.

7.5
2009-09-04 CVE-2008-7161 Fortinet Permissions, Privileges, and Access Controls vulnerability in Fortinet Fortigate-1000 3.00

Fortinet FortiGuard Fortinet FortiGate-1000 3.00 build 040075,070111 allows remote attackers to bypass URL filtering via fragmented GET or POST requests that use HTTP/1.0 without the Host header.

7.5
2009-09-03 CVE-2009-3065 Rein Velt Code Injection vulnerability in Rein Velt Vedit 01.4

PHP remote file inclusion vulnerability in editor/edit_htmlarea.php in Ve-EDIT 0.1.4 allows remote attackers to execute arbitrary PHP code via a URL in the highlighter parameter.

7.5
2009-09-03 CVE-2009-3064 Rein Velt Path Traversal vulnerability in Rein Velt Vedit 01.4

Directory traversal vulnerability in debugger/debug_php.php in Ve-EDIT 0.1.4 allows remote attackers to include and execute arbitrary local files via a ..

7.5
2009-09-03 CVE-2009-3063 Joomla
Indianpulses
SQL Injection vulnerability in Indianpulses COM Gameserver 1.0

SQL injection vulnerability in the Game Server (com_gameserver) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a gamepanel action to index.php.

7.5
2009-09-03 CVE-2009-3062 Phplivesupport SQL Injection vulnerability in PHPlivesupport. PHPlive! 3.3

SQL injection vulnerability in message_box.php in OSI Codes PHP Live! 3.3 allows remote attackers to execute arbitrary SQL commands via the deptid parameter.

7.5
2009-09-03 CVE-2009-3061 Alqa6Ari SQL Injection vulnerability in Alqa6Ari Script Q R 1.0

SQL injection vulnerability in lesson.php in Alqatari Q R Script 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2009-09-03 CVE-2009-3059 Allpublication SQL Injection vulnerability in Allpublication Jboard

Multiple SQL injection vulnerabilities in Joker Board (aka JBoard) 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) core/select.php or (2) the city parameter to top_add.inc.php, reachable through sboard.php.

7.5
2009-09-03 CVE-2009-3056 BAS Bloemsaat Code Injection vulnerability in BAS Bloemsaat Kingcms 0.6.0

PHP remote file inclusion vulnerability in include/engine/content/elements/menu.php in KingCMS 0.6.0 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[AdminPath] parameter.

7.5
2009-09-03 CVE-2009-3055 Dlecms Code Injection vulnerability in Dlecms DLE 8.2

PHP remote file inclusion vulnerability in engine/api/api.class.php in DataLife Engine (DLE) 8.2 allows remote attackers to execute arbitrary PHP code via a URL in the dle_config_api parameter.

7.5
2009-09-03 CVE-2009-3054 Joomla
Artetics
SQL Injection vulnerability in Artetics COM Artportal 1.0

SQL injection vulnerability in the Artetics.com Art Portal (com_artportal) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the portalid parameter to index.php.

7.5
2009-09-02 CVE-2009-3046 Opera Improper Certificate Validation vulnerability in Opera Browser

Opera before 10.00 does not check all intermediate X.509 certificates for revocation, which makes it easier for remote SSL servers to bypass validation of the certificate chain via a revoked certificate.

7.5
2009-09-02 CVE-2008-7155 Phprisk Permissions, Privileges, and Access Controls vulnerability in PHPrisk Netrisk 1.9.7

NetRisk 1.9.7 does not properly restrict access to admin/change_submit.php, which allows remote attackers to change the password of arbitrary users via a direct request.

7.5
2009-09-02 CVE-2008-7153 Docebo SQL Injection vulnerability in Docebo

SQL injection vulnerability in the autoDetectRegion function in doceboCore/lib/lib.regset.php in Docebo 3.5.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Accept-Language HTTP header.

7.5
2009-09-01 CVE-2009-3041 Spip Permissions, Privileges, and Access Controls vulnerability in Spip

SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper access control for (1) ecrire/exec/install.php and (2) ecrire/index.php, which allows remote attackers to conduct unauthorized activities related to installation and backups, as exploited in the wild in August 2009.

7.5
2009-09-01 CVE-2008-7145 Coronamatrix SQL Injection vulnerability in Coronamatrix PHPaddressbook 2.0

Multiple SQL injection vulnerabilities in index.php in CoronaMatrix phpAddressBook 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) parameters.

7.5
2009-08-31 CVE-2008-7128 Xyssl Permissions, Privileges, and Access Controls vulnerability in Xyssl

The ssl_parse_client_key_exchange function in XySSL before 0.9 does not protect against certain Bleichenbacher attacks using chosen ciphertext, which allows remote attackers to recover keys via unspecified vectors.

7.5
2009-08-31 CVE-2008-7124 Zkup Improper Authentication vulnerability in Zkup

zKup CMS 2.0 through 2.3 does not require administrative authentication for admin/configuration/modifier.php, which allows remote attackers to gain administrator privileges via a direct request, as demonstrated by adding a new administrator.

7.5
2009-08-31 CVE-2009-3020 Microsoft Denial-Of-Service vulnerability in Windows Server 2003 Enterprise Edition Itanium

win32k.sys in Microsoft Windows Server 2003 SP2 allows remote attackers to cause a denial of service (system crash) by referencing a crafted .eot file in the src descriptor of an @font-face Cascading Style Sheets (CSS) rule in an HTML document, possibly related to the Embedded OpenType (EOT) Font Engine, a different vulnerability than CVE-2006-0010, CVE-2009-0231, and CVE-2009-0232.

7.1

61 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-09-04 CVE-2009-2697 Gnome
Redhat
Improper Authentication vulnerability in Gnome GDM

The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079.

6.8
2009-09-04 CVE-2008-7165 Alice Cross-Site Request Forgery (CSRF) vulnerability in Alice Gate2 Plus Wi-Fi

Cross-site request forgery in cp06_wifi_m_nocifr.cgi in the administrator panel in TELECOM ITALIA Alice Gate2 Plus Wi-Fi allows remote attackers to hijack the authentication of administrators for requests that disable Wi-Fi encryption via certain values for the wlChannel and wlRadioEnable parameters.

6.8
2009-09-04 CVE-2008-7163 Sinecms Path Traversal vulnerability in Sinecms

Directory traversal vulnerability in mods/Integrated/index.php in SineCMS 2.3.5 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the sine[config][index_main] parameter.

6.8
2009-09-03 CVE-2009-3053 Joomla
Jvitals
Path Traversal vulnerability in Jvitals COM Agora 3.0.0B

Directory traversal vulnerability in the Agora (com_agora) component 3.0.0b for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter to the avatars page, reachable through index.php.

6.8
2009-09-02 CVE-2008-7157 Ekinboard Permissions, Privileges, and Access Controls vulnerability in Ekinboard

Unrestricted file upload vulnerability in EkinBoard 1.1.0 and earlier allows remote attackers to execute arbitrary code by uploading an avatar file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in uploaded/avatars/.

6.8
2009-09-02 CVE-2008-7156 Ekinboard Improper Authentication vulnerability in Ekinboard

EkinBoard 1.1.0 and earlier, when register_globals is enabled, allows remote attackers to bypass authorization and gain administrator privileges by setting the _groups[] parameter to 2, as demonstrated via backup.php.

6.8
2009-09-02 CVE-2009-2957 Thekelleys Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Thekelleys Dnsmasq

Heap-based buffer overflow in the tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, might allow remote attackers to execute arbitrary code via a long filename in a TFTP packet, as demonstrated by a read (aka RRQ) request.

6.8
2009-09-01 CVE-2008-7152 Simon Rycroft Code Injection vulnerability in Simon Rycroft SID

Multiple PHP remote file inclusion vulnerabilities in Specimen Image Database (SID), when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the dir parameter to (1) client.php or (2) taxonservice.php.

6.8
2009-09-01 CVE-2008-7151 Gurpartap Singh
Drupal
Cross-Site Request Forgery (CSRF) vulnerability in Gurpartap Singh Live 5.X1.Xdev

Cross-site request forgery (CSRF) vulnerability in Live 5.x before 5.x-0.1, a module for Drupal, allows remote attackers to hijack the authentication of unspecified privileged users for requests that can be leveraged to execute arbitrary PHP code.

6.8
2009-09-01 CVE-2008-7143 Phpbb Information Exposure vulnerability in PHPbb 2.0.23

phpBB 2.0.23 includes the session ID in a request to modcp.php when the moderator or administrator closes a thread, which allows remote attackers to hijack the session via a post in the thread containing a URL to a remotely hosted image, which might include the session ID in the Referer header.

6.8
2009-09-01 CVE-2008-7139 EYE FI Cross-Site Request Forgery (CSRF) vulnerability in Eye.Fi Eye-Fi Manager 1.1.2

Multiple cross-site request forgery (CSRF) vulnerabilities in WS-Proxy in Eye-Fi 1.1.2 allow remote attackers to hijack the authentication of users for requests that modify configuration via a SOAPAction parameter of (1) urn:SetOptions for autostart, (2) urn:SetDesktopSync for file upload, or (3) urn:SetFolderConfig for file download location or modification of authentication credentials; and (4) urn:AddNetwork for adding an arbitrary Service Set Identifier (SSID) to hijack the image upload.

6.8
2009-08-31 CVE-2008-7131 Peter Kohlmann Security Bypass vulnerability in DB2 Monitoring Console

Unspecified vulnerability in DB2 Monitoring Console 2.2.4 and earlier allows remote attackers to gain access to a database via a link to a victim who is already connected to the database.

6.8
2009-08-31 CVE-2008-7123 Zkup Code Injection vulnerability in Zkup

Static code injection vulnerability in admin/configuration/modifier.php in zKup CMS 2.0 through 2.3 allows remote attackers to inject arbitrary PHP code into fichiers/config.php via a null byte (%00) in the login parameter in an ajout action, which bypasses the regular expression check.

6.8
2009-09-03 CVE-2009-3052 Phpbb
Absoluteanime
SQL Injection vulnerability in Absoluteanime Prime Quick Style 1.2.3

SQL injection vulnerability in root/includes/prime_quick_style.php in the Prime Quick Style addon before 1.2.3 for phpBB 3 allows remote authenticated users to execute arbitrary SQL commands via the prime_quick_style parameter to ucp.php.

6.5
2009-08-31 CVE-2009-3022 ITD INC Cross-Site Request Forgery (CSRF) vulnerability in Itd-Inc Bingo!Cms 1.0/1.1/1.2

Cross-site request forgery (CSRF) vulnerability in bingo!CMS 1.2 and earlier allows remote attackers to hijack the authentication of other users for requests that modify configuration or change content via unspecified vectors.

6.5
2009-09-04 CVE-2008-7166 Bittorrent
Utorrent
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Buffer overflow in the web interface in BitTorrent 6.0.1 (build 7859) and earlier, and uTorrent 1.7.6 (build 7859) and earlier, allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted Range header.

5.0
2009-09-02 CVE-2009-3049 Opera Remote Security vulnerability in Opera Web Browser

Opera before 10.00 does not properly display all characters in Internationalized Domain Names (IDN) in the address bar, which allows remote attackers to spoof URLs and conduct phishing attacks, related to Unicode and Punycode.

5.0
2009-09-02 CVE-2009-3045 Opera Cryptographic Issues vulnerability in Opera Browser

Opera before 10.00 trusts root X.509 certificates signed with the MD2 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted server certificate.

5.0
2009-09-02 CVE-2009-3044 Opera Cryptographic Issues vulnerability in Opera Browser

Opera before 10.00 does not properly handle a (1) '\0' character or (2) invalid wildcard character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

5.0
2009-09-02 CVE-2009-2968 Vmware Path Traversal vulnerability in VMWare Studio 2.0

Directory traversal vulnerability in a support component in the web interface in VMware Studio 2.0 public beta before build 1017-185256 allows remote attackers to upload files to arbitrary locations via unspecified vectors.

5.0
2009-09-02 CVE-2008-7154 Docebo Information Exposure vulnerability in Docebo

Docebo 3.5.0.3 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) class/class.conf_fw.php, (2) class.module/class.event_manager.php, (3) lib/lib.domxml5.php, or (4) menu/menu_over.php in doceboCore/; or (5) class/class.conf_cms.php, (6) lib/lib.compose.php, (7) modules/chat/teleskill.php, or (8) class/class.admin_menu_cms.php in doceboCms/; which reveals the installation path in an error message.

5.0
2009-09-01 CVE-2008-7146 Intralearn Information Exposure vulnerability in Intralearn 2.1

IntraLearn Software IntraLearn 2.1, and possibly other versions before 4.2.3, allows remote attackers to obtain sensitive information via a direct request to (1) Knowledge_Impact_Course.htm, (2) LRN-formatted_Course.htm, or (3) Create_Course.htm in help/1/Instructor/, which reveals the installation path in an error message.

5.0
2009-09-01 CVE-2008-7142 Cpanel Path Traversal vulnerability in Cpanel 11.18.3

Absolute path traversal vulnerability in the Disk Usage module (frontend/x/diskusage/index.html) in cPanel 11.18.3 allows remote attackers to list arbitrary directories via the showtree parameter.

5.0
2009-09-01 CVE-2008-7138 EYE FI Cryptographic Issues vulnerability in Eye.Fi Eye-Fi Manager 1.1.2

The Manager in Eye-Fi 1.1.2 generates predictable snonce values based on the time of day, which allows remote attackers to bypass authentication and upload arbitrary images by guessing the snonce.

5.0
2009-09-01 CVE-2008-7137 EYE FI Multiple Security vulnerability in Eye.Fi Eye-Fi Manager 1.1.2

WS-Proxy in Eye-Fi 1.1.2 allows remote attackers to cause a denial of service (crash) via an empty query string to port 59278 and other unspecified vectors.

5.0
2009-08-31 CVE-2009-3026 Pidgin Cryptographic Issues vulnerability in Pidgin 2.6.0

protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption and allows remote attackers to sniff sessions.

5.0
2009-08-31 CVE-2009-2944 Ikiwiki Information Disclosure vulnerability in ikiwiki 'teximg' Plugin Insecure TeX Commands

Incomplete blacklist vulnerability in the teximg plugin in ikiwiki before 3.1415926 and 2.x before 2.53.4 allows context-dependent attackers to read arbitrary files via crafted TeX commands.

5.0
2009-08-31 CVE-2009-3019 Microsoft Code Injection vulnerability in Microsoft Internet Explorer 6/7

Microsoft Internet Explorer 6 on Windows XP SP2 and SP3, and Internet Explorer 7 on Vista, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls createElement to create an instance of the LI element, and then calls setAttribute to set the value attribute.

5.0
2009-08-31 CVE-2008-7130 Peter Kohlmann Security Bypass vulnerability in DB2 Monitoring Console

Unspecified vulnerability in DB2 Monitoring Console 2.2.4 and earlier allows remote attackers to upload arbitrary files via unknown vectors.

5.0
2009-08-31 CVE-2008-7129 Xyssl Resource Management Errors vulnerability in Xyssl

XySSL before 0.9 allows remote attackers to cause a denial of service (infinite loop) via an X.509 certificate that does not pass the RSA signature check during verification.

5.0
2009-08-31 CVE-2008-7127 Microfocus Resource Management Errors vulnerability in Microfocus Visibroker

osagent.exe in Borland VisiBroker Smart Agent 08.00.00.C1.03 and earlier allows remote attackers to cause a denial of service (crash) via a crafted packet with a large string length value to UDP port 14000, which triggers a memory allocation failure that is not properly handled.

5.0
2009-09-03 CVE-2009-3067 Webformatique Cross-Site Scripting vulnerability in Webformatique Reservation Manager

Cross-site scripting (XSS) vulnerability in index.php in Reservation Manager allows remote attackers to inject arbitrary web script or HTML via the resman_startdate parameter.

4.3
2009-09-03 CVE-2009-3066 Propertywatchscript Cross-Site Scripting vulnerability in Propertywatchscript Property Watch 2.0

Multiple cross-site scripting (XSS) vulnerabilities in PropertyWatchScript.com Property Watch 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) videoid parameter to tools/email.php and (2) redirect parameter to tools/login.php.

4.3
2009-09-03 CVE-2009-3060 Allpublication Cross-Site Scripting vulnerability in Allpublication Jboard

Multiple cross-site scripting (XSS) vulnerabilities in Joker Board (aka JBoard) 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the notice parameter to editform.php, (2) the edit_user_message parameter to core/edit_user_message.php, or (3) the user_title parameter to inc/head.inc.php, reachable through any PHP script.

4.3
2009-09-03 CVE-2009-3057 AOM Software Cross-Site Scripting vulnerability in Aom-Software Beex 3

Multiple cross-site scripting (XSS) vulnerabilities in AOM Software Beex 3 allow remote attackers to inject arbitrary web script or HTML via the navaction parameter to (1) news.php and (2) partneralle.php.

4.3
2009-09-02 CVE-2009-3048 Opera
Conectiva
Freebsd
SUN
Improper Input Validation vulnerability in Opera Browser

Opera before 10.00 on Linux, Solaris, and FreeBSD does not properly implement the "INPUT TYPE=file" functionality, which allows remote attackers to trick a user into uploading an unintended file via vectors involving a "dropped file."

4.3
2009-09-02 CVE-2009-3047 Opera Remote Security vulnerability in Opera Web Browser

Opera before 10.00, when a collapsed address bar is used, does not properly update the domain name from the previously visited site to the currently visited site, which might allow remote attackers to spoof URLs.

4.3
2009-09-02 CVE-2009-2700 QT Improper Input Validation vulnerability in QT

src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

4.3
2009-09-02 CVE-2009-2958 Thekelleys Resource Management Errors vulnerability in Thekelleys Dnsmasq

The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TFTP read (aka RRQ) request with a malformed blksize option.

4.3
2009-09-01 CVE-2009-3038 IBM
RIM
Denial-Of-Service vulnerability in Lotus Notes Connector

A certain ActiveX control in lnresobject.dll 7.1.1.119 in the Research In Motion (RIM) Lotus Notes connector for BlackBerry Desktop Manager 5.0.0.11 allows remote attackers to cause a denial of service (Internet Explorer crash) by referencing the control's CLSID in the classid attribute of an OBJECT element.

4.3
2009-09-01 CVE-2008-7150 Drupal
BER Kessels
Cross-Site Scripting vulnerability in BER Kessels Refine BY Taxo 5.X1.Xdev

Cross-site scripting (XSS) vulnerability in Refine by Taxonomy 5.x before 5.x-0.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a taxonomy term, which is not properly handled by refine_by_taxo when displaying tags.

4.3
2009-09-01 CVE-2008-7147 Intralearn Cross-Site Scripting vulnerability in Intralearn 2.1/4.2

Multiple cross-site scripting (XSS) vulnerabilities in IntraLearn Software IntraLearn 2.1, and possibly other versions before 4.2.3, allow remote attackers to inject arbitrary web script or HTML via the (1) outline and (2) course parameters to library/description_link.cfm, or the (3) records_to_display and (4) the_start parameters to library/courses_catalog.cfm.

4.3
2009-09-01 CVE-2008-7141 Alexphpteam Cross-Site Scripting vulnerability in Alexphpteam @Lex Poll 2.1

Cross-site scripting (XSS) vulnerability in setup.php in @lex Poll 2.1 allows remote attackers to inject arbitrary web script or HTML via the language_setup parameter.

4.3
2009-09-01 CVE-2008-7140 Alexguestbook Cross-Site Scripting vulnerability in Alexguestbook @Lex Guestbook

Multiple cross-site scripting (XSS) vulnerabilities in @lex Guestbook 4.0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) language_setup parameter to setup.php or (2) test parameter to index.php.

4.3
2009-09-01 CVE-2008-7136 ICQ Improper Input Validation vulnerability in ICQ Toolbar 2.3

toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers to cause a denial of service (toolbar crash) via a long argument to the (1) RequestURL, (2) GetPropertyById, or (3) SetPropertyById method, different vectors than CVE-2008-7135.

4.3
2009-09-01 CVE-2008-7135 ICQ Improper Input Validation vulnerability in ICQ Toolbar 2.3

toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers to cause a denial of service (toolbar crash) via a long argument to the IsChecked method, a different vector than CVE-2008-7136.

4.3
2009-09-01 CVE-2008-7134 Redgalaxy Cross-Site Scripting vulnerability in Redgalaxy Download Center 1.2

Multiple cross-site scripting (XSS) vulnerabilities in the default URI in Chris LaPointe RedGalaxy Download Center 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter, (2) message parameter in a login action, (3) category parameter in a browse action, (4) now parameter, or (5) search parameter in a search_results action.

4.3
2009-09-01 CVE-2008-7133 Onlinetools Cross-Site Scripting vulnerability in Onlinetools Easyimagecatalogue 1.3.1

Multiple cross-site scripting (XSS) vulnerabilities in onlinetools.org EasyImageCatalogue 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) search and (2) d index.php parameters to index.php, (3) dir parameter to thumber.php, and the d parameter to (4) describe.php and (5) addcomment.php.

4.3
2009-09-01 CVE-2008-7132 Nuked Klan Cross-Site Scripting vulnerability in Nuked-Klan 1.3Beta

Cross-site scripting (XSS) vulnerability in index.php in Nuked-Klan 1.3 beta allows remote attackers to inject arbitrary web script or HTML via the nuked_nude parameter.

4.3
2009-08-31 CVE-2009-3025 Pidgin Unspecified vulnerability in Pidgin 2.6.0

Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to cause a denial of service (crash) via a link in a Yahoo IM.

4.3
2009-08-31 CVE-2009-3024 IO Socket SSL Cryptographic Issues vulnerability in Io-Socket-Ssl

The verify_hostname_of_cert function in the certificate checking feature in IO-Socket-SSL (IO::Socket::SSL) 1.14 through 1.25 only matches the prefix of a hostname when no wildcard is used, which allows remote attackers to bypass the hostname check for a certificate.

4.3
2009-08-31 CVE-2009-3021 Yoshinori Tahara
Geeklog
Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in Site Calendar 'mycaljp' plugin 2.0.0 through 2.0.6, as used in the Japanese extended package of Geeklog 1.5.0 through 1.5.2 and when distributed 20090629 or earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-08-31 CVE-2009-3018 Maxthon Cross-Site Scripting vulnerability in Maxthon Browser 3.0.0.145

Maxthon Browser 3.0.0.145 Alpha with Ultramode does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2) entering a javascript: URI when specifying the content of a Refresh header, (3) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, or (4) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header; does not properly block data: URIs in Location headers in HTTP responses, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (5) injecting a Location header that contains JavaScript sequences in a data:text/html URI or (6) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header; and does not properly handle javascript: URIs in HTML links within (a) 301 and (b) 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (7) injecting a Location HTTP response header or (8) specifying the content of a Location HTTP response header.

4.3
2009-08-31 CVE-2009-3017 Orcabrowser Cross-Site Scripting vulnerability in Orcabrowser Orca Browser 1.2

Orca Browser 1.2 build 5 does not properly block data: URIs in Refresh and Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header, (3) injecting a Location header that contains JavaScript sequences in a data:text/html URI, or (4) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header; and does not properly handle javascript: URIs in HTML links within 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (5) injecting a Location HTTP response header or (6) specifying the content of a Location HTTP response header.

4.3
2009-08-31 CVE-2009-3016 Apple Cross-Site Scripting vulnerability in Apple Safari 4.0.3

Apple Safari 4.0.3 does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2) entering a javascript: URI when specifying the content of a Refresh header, (3) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, or (4) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header.

4.3
2009-08-31 CVE-2009-3015 Qtweb Cross-Site Scripting vulnerability in Qtweb 3.0

QtWeb 3.0 Builds 001 and 003 does not properly block javascript: and data: URIs in Refresh and Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2) entering a javascript: URI when specifying the content of a Refresh header, (3) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, (4) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header, (5) injecting a Location header that contains JavaScript sequences in a data:text/html URI, or (6) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header.

4.3
2009-08-31 CVE-2009-3014 Mozilla Cross-Site Scripting vulnerability in Mozilla Firefox, Mozilla and Seamonkey

Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly handle javascript: URIs in HTML links within 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location HTTP response header or (2) specifying the content of a Location HTTP response header.

4.3
2009-08-31 CVE-2009-3013 Opera Cross-Site Scripting vulnerability in Opera Browser

Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header.

4.3
2009-08-31 CVE-2009-3012 Mozilla Cross-Site Scripting vulnerability in Mozilla Firefox

Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header.

4.3
2009-08-31 CVE-2009-3011 Google Cross-Site Scripting vulnerability in Google Chrome

Google Chrome 1.0.154.48 and earlier, 2.0.172.28, 2.0.172.37, and 3.0.193.2 Beta does not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header.

4.3
2009-08-31 CVE-2009-3010 Mozilla Cross-Site Scripting vulnerability in Mozilla Firefox, Mozilla and Seamonkey

Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header.

4.3

0 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS