Weekly Vulnerabilities Reports > September 7 to 13, 2009

Overview

164 new vulnerabilities were reported during this period, including 48 critical vulnerabilities and 38 high severity vulnerabilities. This weekly summary reports vulnerabilities in 146 products from 98 vendors, including Apple, Mozilla, IBM, Microsoft, and Symantec. Notable vulnerability categories include "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "SQL Injection", and "Path Traversal".

  • 154 reported vulnerabilities are remotely exploitable.
  • 35 reported vulnerabilities have a public exploit available.
  • 39 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 162 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 13 reported vulnerabilities.
  • Mozilla has the most reported critical vulnerabilities, with 10 reported vulnerabilities.


Vulnerability Details

The following table lists the vulnerabilities reported for the period covered by this report:

48 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-09-13 CVE-2008-7219 Horde Permissions, Privileges, and Access Controls vulnerability in Horde products

Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and H3 2.2 before 2.2-RC2; Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 do not validate ownership when performing share changes, which has unknown impact and attack vectors.

10.0
2009-09-13 CVE-2008-7218 Horde Security Bypass vulnerability in Horde Products

Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors.

10.0
2009-09-13 CVE-2007-6732 Claudio Matsuoka Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Claudio Matsuoka Extended Module Player

Multiple buffer overflows in the dtt_load function in loaders/dtt_load.c in Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers to execute arbitrary code via unspecified vectors related to an untrusted length value and the (1) pofs and (2) plen arrays.

10.0
2009-09-13 CVE-2007-6731 Claudio Matsuoka Code Injection vulnerability in Claudio Matsuoka Extended Module Player

Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers to execute arbitrary code via an OXM file with a negative value, which bypasses a check in (1) test_oxm and (2) decrunch_oxm functions in misc/oxm.c, leading to a buffer overflow.

10.0
2009-09-11 CVE-2009-3179 Symantec Remote Security vulnerability in Symantec Altiris Deployment Solution 6.9

Multiple unspecified vulnerabilities in Symantec Altiris Deployment Solution 6.9 might allow remote attackers to execute arbitrary code via unknown client-side attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.17, as identified by (1) "Symantec Altiris Deployment Solution 6.9 exploit," (2) "Symantec Altiris Deployment Solution 6.9 exploit (II)," and (3) "Symantec Altiris Deployment Solution 6.9 exploit (III)." NOTE: as of 20090909, this disclosure has no actionable information.

10.0
2009-09-11 CVE-2009-3177 Kaspersky Unspecified vulnerability in Kaspersky products

Unspecified vulnerability in Kaspersky Online Scanner 7.0 has unknown impact and attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, (1) "Kaspersky Online Antivirus Scanner 7.0 exploit (Linux)" and (2) "Kaspersky Online Antivirus Scanner 7.0 exploit (Windows)." NOTE: as of 20090909, this disclosure has no actionable information.

10.0
2009-09-11 CVE-2009-3169 Hitachi Multiple Unspecified vulnerability in Hitachi JP1/File Transmission Server/FTP

Multiple unspecified vulnerabilities in Hitachi JP1/File Transmission Server/FTP before 09-00 allow remote attackers to execute arbitrary code via unknown attack vectors.

10.0
2009-09-10 CVE-2009-3079 Mozilla Code Injection vulnerability in Mozilla Firefox

Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to execute arbitrary JavaScript with chrome privileges via vectors involving an object, the FeedWriter, and the BrowserFeedWriter.

10.0
2009-09-10 CVE-2009-3075 Mozilla Unspecified vulnerability in Mozilla Firefox

Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.2, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to use of mutable strings in the js_StringReplaceHelper function in js/src/jsstr.cpp, and unknown vectors.

10.0
2009-09-10 CVE-2009-3074 Mozilla Unspecified vulnerability in Mozilla Firefox

Unspecified vulnerability in the JavaScript engine in Mozilla Firefox before 3.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10.0
2009-09-10 CVE-2009-3073 Mozilla Unspecified vulnerability in Mozilla Firefox 3.5/3.5.1/3.5.2

Unspecified vulnerability in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10.0
2009-09-10 CVE-2009-3072 Mozilla Unspecified vulnerability in Mozilla Firefox

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.3, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the BinHex decoder in netwerk/streamconv/converters/nsBinHexDecoder.cpp, and unknown vectors.

10.0
2009-09-10 CVE-2009-3071 Mozilla Unspecified vulnerability in Mozilla Firefox

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10.0
2009-09-10 CVE-2009-3070 Mozilla Unspecified vulnerability in Mozilla Firefox

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10.0
2009-09-10 CVE-2009-3069 Mozilla Unspecified vulnerability in Mozilla Firefox 3.5/3.5.1/3.5.2

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10.0
2009-09-10 CVE-2008-7200 Deliantra Remote Security vulnerability in Deliantra

Double free vulnerability in Deliantra server engine before 2.4 has unknown impact and attack vectors.

10.0
2009-09-10 CVE-2008-7198 Alecwh Remote Security vulnerability in Alecwh PHPns 2.1.1Alpha1B1/2.1.1B1

Multiple unspecified vulnerabilities in phpns before 2.1.1beta1 have unknown impact and attack vectors.

10.0
2009-09-10 CVE-2008-7197 G15Tools Remote Security vulnerability in G15daemon

Multiple unspecified vulnerabilities in G15Daemon before 1.9.4 have unknown impact and attack vectors.

10.0
2009-09-10 CVE-2008-7196 Mark Reinsfelder Remote Security vulnerability in Mark Reinsfelder Metashell 0.01B

Unspecified vulnerability in metashell before 0.03 has unknown impact and attack vectors related to a "PATH execution security flaw," possibly an untrusted search path vulnerability.

10.0
2009-09-09 CVE-2009-3112 Oxidforge Unspecified vulnerability in Oxidforge Oxid Eshop and Oxid Eshop4.0.0.2 14967

Unspecified vulnerability in OXID eShop Professional, Enterprise, and Community Edition before 4.1.0 allows remote attackers to gain administrator privileges and access the shop backend via a crafted parameter.

10.0
2009-09-09 CVE-2008-7190 Adium Cross-Site Scripting vulnerability in Adium

Unspecified vulnerability in Adium before 1.2 has unknown impact and attack vectors related to javascript: URLs, possibly cross-site scripting (XSS).

10.0
2009-09-09 CVE-2008-7189 Bastian Blumentritt Remote Security vulnerability in Local Media Browser

Multiple unspecified vulnerabilities in Local Media Browser before 0.1 have unknown impact and attack vectors related to "Security holes."

10.0
2009-09-08 CVE-2009-3102 Zmanda Improper Input Validation vulnerability in Zmanda ZRM for MY SQL 2.1

The doHotCopy subroutine in socket-server.pl in Zmanda Recovery Manager (ZRM) for MySQL 2.x before 2.1.1 allows remote attackers to execute arbitrary commands via vectors involving a crafted $MYSQL_BINPATH variable.

10.0
2009-09-08 CVE-2009-3099 Microsoft, HP Remote Security vulnerability in HP Operations Manager 8.1

Unspecified vulnerability in HP OpenView Operations Manager 8.1 on Windows Server 2003 SP2 allows remote attackers to have an unknown impact, related to a "Remote exploit," as demonstrated by a certain module in VulnDisco Pack Professional 8.11, a different vulnerability than CVE-2007-3872.

10.0
2009-09-08 CVE-2009-3098 Microsoft, HP Remote Security vulnerability in HP Operations Dashboard 2.1

Unspecified vulnerability in the Portal in HP Operations Dashboard 2.1 on Windows Server 2003 SP2 allows remote attackers to have an unknown impact, related to a "Remote exploit," as demonstrated by a certain module in VulnDisco Pack Professional 8.11.

10.0
2009-09-08 CVE-2009-3096 Microsoft, HP Remote Security vulnerability in HP Performance Insight 5.3

Multiple unspecified vulnerabilities in HP Performance Insight 5.3 allow remote attackers to have an unknown impact, related to (1) a "Remote exploit" on Windows platforms, and (2) a "Remote preauthentication exploit" on the Windows Server 2003 SP2 platform, as demonstrated by certain modules in VulnDisco Pack Professional 8.11.

10.0
2009-09-08 CVE-2009-3093 Asus Remote Security vulnerability in Asus Wl-500W

Unspecified vulnerability on the ASUS WL-500W wireless router has unknown impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.

10.0
2009-09-08 CVE-2009-3092 Asus Remote vulnerability in ASUS WL-500W Wireless Router

Buffer overflow on the ASUS WL-500W wireless router has unknown impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.

10.0
2009-09-08 CVE-2009-3091 Asus Remote Security vulnerability in Asus Wl-330Ge

Unspecified vulnerability on the ASUS WL-330gE has unknown impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.

10.0
2009-09-08 CVE-2008-7174 Juracapecoffee Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Juracapecoffee Internet Connectivity KIT

Multiple buffer overflows in the Jura Internet Connection Kit for the Jura Impressa F90 coffee maker allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors related to improper use of the gets and sprintf functions.

10.0
2009-09-08 CVE-2008-7173 Juracapecoffee Permissions, Privileges, and Access Controls vulnerability in Juracapecoffee Internet Connectivity KIT

The Jura Internet Connection Kit for the Jura Impressa F90 coffee maker does not properly restrict access to privileged functions, which allows remote attackers to cause a denial of service (physical damage), modify coffee settings, and possibly execute code via a crafted request.

10.0
2009-09-08 CVE-2008-7170 Gameservers Permissions, Privileges, and Access Controls vulnerability in Gameservers GSC 1.00

GSC build 2067 and earlier relies on the client to enforce administrator privileges, which allows remote attackers to execute arbitrary administrator commands via a crafted packet.

10.0
2009-09-11 CVE-2009-3176 Novell Buffer Errors vulnerability in Novell Iprint 4.38

Buffer overflow in the ActiveX control in Novell iPrint Client 4.38 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.1, "Novell iPrint Client 4.38 ActiveX exploit." NOTE: as of 20090909, this disclosure has no actionable information.

9.3
2009-09-11 CVE-2009-3170 Aimp Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Aimp Aimp2 Audio Converter

Stack-based buffer overflow in AIMP2 Audio Converter 2.53 (build 330) and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long File1 argument in a (1) .pls or (2) .m3u playlist file.

9.3
2009-09-10 CVE-2009-3077 Mozilla Code Injection vulnerability in Mozilla Firefox

Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a "dangling pointer vulnerability."

9.3
2009-09-10 CVE-2009-3076 Mozilla Unspecified vulnerability in Mozilla Firefox

Mozilla Firefox before 3.0.14 does not properly implement certain dialogs associated with the (1) pkcs11.addmodule and (2) pkcs11.deletemodule operations, which makes it easier for remote attackers to trick a user into installing or removing an arbitrary PKCS11 module.

9.3
2009-09-10 CVE-2009-2799 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted H.264 movie file.

9.3
2009-09-10 CVE-2009-2798 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file.

9.3
2009-09-10 CVE-2009-2203 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG-4 video file.

9.3
2009-09-10 CVE-2009-2202 Apple Arbitrary Code Execution vulnerability in Apple QuickTime

Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted H.264 movie file.

9.3
2009-09-10 CVE-2007-6730 Zyxel Cross-Site Request Forgery (CSRF) vulnerability in Zyxel P-330W Router

Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in the ZyXEL P-330W router allow remote attackers to hijack the authentication of administrators for requests that (1) enable remote router management via goform/formRmtMgt or (2) modify the administrator password via goform/formPasswordSetup.

9.3
2009-09-08 CVE-2009-3109 Symantec Authentication Handshake Race Condition Security vulnerability in Symantec Altiris Deployment Solution 6.9

Unspecified vulnerability in the AClient agent in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430, when key-based authentication is being used between a deployment server and a client, allows remote attackers to bypass authentication and execute arbitrary commands as SYSTEM by spoofing the deployment server and sending "alternate commands" before the handshake is completed.

9.3
2009-09-08 CVE-2009-2139 SUN Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SUN Openoffice.Org

Heap-based buffer overflow in svtools/source/filter.vcl/wmf/enhwmf.cxx in Go-oo 2.x and 3.x before 3.0.1, previously named ooo-build and related to OpenOffice.org (OOo), allows remote attackers to execute arbitrary code via a crafted EMF file, a similar issue to CVE-2008-2238.

9.3
2009-09-08 CVE-2009-2628 Vmware Code Injection vulnerability in VMWare products

The VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2.5.x before 2.5.3 build 185404 on Windows does not properly handle certain small heights in video content, which might allow remote attackers to execute arbitrary code via a crafted AVI file that triggers heap memory corruption.

9.3
2009-09-08 CVE-2009-2519 Microsoft Code Injection vulnerability in Microsoft Windows 2000, Windows Server 2003 and Windows XP

The DHTML Editing Component ActiveX control in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly format HTML markup, which allows remote attackers to execute arbitrary code via a crafted web site that triggers "system state" corruption, aka "DHTML Editing Component ActiveX Control Vulnerability."

9.3
2009-09-08 CVE-2009-0199 Vmware Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in VMWare products

Heap-based buffer overflow in the VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2.5.x before 2.5.3 build 185404 on Windows might allow remote attackers to execute arbitrary code via a video file with crafted dimensions (aka framebuffer parameters).

9.3
2009-09-08 CVE-2008-7177 Nasm Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nasm Netwide Assembler

Buffer overflow in the listing module in Netwide Assembler (NASM) before 2.03.01 has unknown impact and attack vectors, a different vulnerability than CVE-2008-2719.

9.3
2009-09-08 CVE-2008-7168 Uusee Unspecified vulnerability in Uusee and Uuupgrade.Ocx

Insecure method vulnerability in the UUSee UUUpgrade ActiveX control (UUUpgrade.ocx 3.0.2.12) allows remote attackers to force the download and overwrite of arbitrary files via crafted arguments to the Update method, as exploited in the wild in June 2009.

9.3

38 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-09-10 CVE-2009-3160 IBM Multiple vulnerability in IBM WebSphere MQ

IBM WebSphere MQ 6.x through 6.0.2.7, 7.0.0.0, 7.0.0.1, 7.0.0.2, and 7.0.1.0, when read ahead or asynchronous message consumption is enabled, allows attackers to have an unspecified impact via unknown vectors, related to a "memory overwrite" issue.

8.8
2009-09-11 CVE-2009-3178 Symantec Remote vulnerability in Symantec Altiris Deployment Solution 6.9

Unspecified vulnerability in mm.exe in Symantec Altiris Deployment Solution 6.9 allows remote attackers to cause a denial of service via unknown attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.18, "Symantec Altiris Deployment Solution 6.9 DoS." NOTE: as of 20090909, this disclosure has no actionable information.

7.8
2009-09-10 CVE-2009-2815 Apple Resource Management Errors vulnerability in Apple Iphone OS

The Telephony component in Apple iPhone OS before 3.1 does not properly handle SMS arrival notifications, which allows remote attackers to cause a denial of service (NULL pointer dereference and service interruption) via a crafted SMS message.

7.8
2009-09-10 CVE-2009-3161 IBM Multiple vulnerability in IBM WebSphere MQ 7.0.0.1/7.0.0.2/7.0.1.0

The server in IBM WebSphere MQ 7.0.0.1, 7.0.0.2, and 7.0.1.0 allows attackers to cause a denial of service (trap) or possibly have unspecified other impact via malformed data.

7.8
2009-09-10 CVE-2009-3159 IBM Multiple vulnerability in IBM Websphere MQ 7.0.0.0/7.0.0.1/7.0.0.2

Unspecified vulnerability in the rriDecompress function in IBM WebSphere MQ 7.0.0.0, 7.0.0.1, and 7.0.0.2 allows remote attackers to cause a denial of service via unknown vectors.

7.8
2009-09-10 CVE-2008-7201 Lantronix Resource Management Errors vulnerability in Lantronix Mss485-T

Lantronix MSS485-T allows remote attackers to cause a denial of service (unstable performance and service loss) via certain vulnerability scans, as demonstrated using (1) Nessus and (2) nmap.

7.8
2009-09-08 CVE-2009-0627 Cisco Unspecified vulnerability in Cisco Nexus 5000, Nexus 7000 and Nx-Os

Unspecified vulnerability in Cisco NX-OS before 4.0(1a)N2(1), when running on Nexus 5000 platforms, allows remote attackers to cause a denial of service (crash) via an unspecified "sequence of TCP packets" related to "TCP State manipulation," possibly related to separate attacks against CVE-2008-4609.

7.8
2009-09-08 CVE-2009-3097 HP, Microsoft Information Exposure vulnerability in HP Performance Insight 5.3

Multiple unspecified vulnerabilities in HP Performance Insight 5.3 on Windows allow attackers to obtain sensitive information via unknown vectors, as demonstrated by certain modules in VulnDisco Pack Professional 8.11.

7.8
2009-09-08 CVE-2009-3089 IBM Denial-Of-Service vulnerability in IBM Tivoli Directory Server 6.0

IBM Tivoli Directory Server (TDS) 6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via unspecified vectors, related to (1) the ibmslapd.exe daemon on Windows and (2) the ibmdiradm daemon in the administration server on Linux, as demonstrated by certain modules in VulnDisco Pack Professional 8.11, a different vulnerability than CVE-2006-0717.

7.8
2009-09-11 CVE-2009-3180 Anantasoft Credentials Management vulnerability in Anantasoft Gazelle CMS 1.0

Anantasoft Gazelle CMS 1.0 allows remote attackers to conduct a password reset for other users via a modified user parameter to renew.php.

7.5
2009-09-11 CVE-2009-3175 Boldfx SQL Injection vulnerability in Boldfx Model Agency Manager PRO

Multiple SQL injection vulnerabilities in Model Agency Manager PRO (formerly Modeling Agency Content Management Script) allow remote attackers to execute arbitrary SQL commands via the user_id parameter to (1) view.php, (2) photos.php, and (3) motm.php; and the (4) id parameter to forum_message.php.

7.5
2009-09-11 CVE-2009-3174 Odelao Code Injection vulnerability in Odelao Obophix 1.0

PHP remote file inclusion vulnerability in fonctions_racine.php in OBOphiX 2.7.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin_lib parameter.

7.5
2009-09-11 CVE-2009-3172 Hitachi Unspecified vulnerability in Hitachi products

Unspecified vulnerability in Hitachi Groupmax Groupware Server 07-00 through 07-50-/A, Groupmax Server Set 03-00 through 06-52, Groupware Server Set 03-00 through 06-52, and Scheduler Server Set 03-00 through 06-52 has unknown impact and attack vectors related to invalid access rights.

7.5
2009-09-11 CVE-2008-7210 Ming HAN SQL Injection vulnerability in Ming HAN Ajchat 0.10

directory.php in AJchat 0.10 allows remote attackers to bypass input validation and conduct SQL injection attacks via a numeric parameter with a value matching the s parameter's hash value, which prevents the associated $_GET["s"] variable from being unset.

7.5
2009-09-11 CVE-2008-7209 Insane Visions Permissions, Privileges, and Access Controls vulnerability in Insane Visions Onecms

Unrestricted file upload vulnerability in the add2 action in a_upload.php in OneCMS 2.4, and possibly earlier, allows remote attackers to execute arbitrary code by uploading a file with an executable extension and using a safe content type such as image/gif, then accessing it via a direct request to the file in an unspecified directory.

7.5
2009-09-10 CVE-2009-3163 Silcnet USE of Externally-Controlled Format String vulnerability in Silcnet Silc Client and Silc Toolkit

Multiple format string vulnerabilities in lib/silcclient/command.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client 1.1.8 and earlier, allow remote attackers to execute arbitrary code via format string specifiers in a channel name, related to (1) silc_client_command_topic, (2) silc_client_command_kick, (3) silc_client_command_leave, and (4) silc_client_command_users.

7.5
2009-09-10 CVE-2009-3158 Carsten Wulff Improper Authentication vulnerability in Carsten Wulff Simplephpweb 0.2

admin/files.php in simplePHPWeb 0.2 does not require authentication, which allows remote attackers to perform unspecified administrative actions via unknown vectors.

7.5
2009-09-10 CVE-2009-3154 Joomla, Almondsoft SQL Injection vulnerability in Almondsoft COM Aclassf 7.5

SQL injection vulnerability in the Almond Classifieds (com_aclassf) component 7.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the replid parameter in a manw_repl add_form action to index.php, a different vector than CVE-2009-2567.

7.5
2009-09-10 CVE-2009-3150 Multi Website SQL Injection vulnerability in Multi-Website Multi Website 1.5

SQL injection vulnerability in index.php in Multi Website 1.5 allows remote attackers to execute arbitrary SQL commands via the Browse parameter in a vote action.

7.5
2009-09-10 CVE-2009-3148 Portalxp SQL Injection vulnerability in Portalxp 1.2

Multiple SQL injection vulnerabilities in PortalXP Teacher Edition 1.2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) calendar.php, (2) news.php, and (3) links.php; and the (4) assignment_id parameter to assignments.php.

7.5
2009-09-10 CVE-2009-3051 Silcnet USE of Externally-Controlled Format String vulnerability in Silcnet Silc Client and Silc Toolkit

Multiple format string vulnerabilities in lib/silcclient/client_entry.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client before 1.1.8, allow remote attackers to execute arbitrary code via format string specifiers in a nickname field, related to the (1) silc_client_add_client, (2) silc_client_update_client, and (3) silc_client_nickname_format functions.

7.5
2009-09-09 CVE-2009-3119 X Iweb RU, PHP Fusion SQL Injection vulnerability in X-Iweb.Ru Download System MSF

SQL injection vulnerability in screen.php in the Download System mSF (dsmsf) module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the view_id parameter.

7.5
2009-09-09 CVE-2009-3118 Danneo SQL Injection vulnerability in Danneo CMS 0.5/0.5.1

SQL injection vulnerability in mod/poll/comment.php in the vote module in Danneo CMS 0.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the comtext parameter, in conjunction with crafted comname and comtitle parameters, in a poll action to index.php, related to incorrect input sanitization in base/danneo.function.php.

7.5
2009-09-09 CVE-2009-3117 Snowhall SQL Injection vulnerability in Snowhall Silurus System 1.0

SQL injection vulnerability in category.php in Snow Hall Silurus System 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.

7.5
2009-09-09 CVE-2009-3116 Uiga SQL Injection vulnerability in Uiga Church Portal

SQL injection vulnerability in index.php in Uiga Church Portal allows remote attackers to execute arbitrary SQL commands via the year parameter in a calendar action.

7.5
2009-09-09 CVE-2009-3114 IBM Code Injection vulnerability in IBM Lotus Notes 8.5

The RSS reader widget in IBM Lotus Notes 8.0 and 8.5 saves items from an RSS feed as local HTML documents, which allows remote attackers to execute arbitrary script in Internet Explorer's Local Machine Zone via a crafted feed, aka SPR RGAU7RDJ9K.

7.5
2009-09-09 CVE-2008-7188 Clip Share Permissions, Privileges, and Access Controls vulnerability in Clip-Share Clipshare 2.6

ClipShare 2.6 does not properly restrict access to certain functionality, which allows remote attackers to change the profile of arbitrary users via a modified uid variable to siteadmin/useredit.php.

7.5
2009-09-08 CVE-2009-3088 Linux, IBM Buffer Errors vulnerability in IBM Tivoli Directory Server 6.0

Heap-based buffer overflow in ibmdiradm in IBM Tivoli Directory Server (TDS) 6.0 on Linux allows remote attackers to have an unspecified impact via unknown vectors that trigger heap corruption, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.

7.5
2009-09-08 CVE-2009-2702 KDE Cryptographic Issues vulnerability in KDE Kdelibs 3.5.4/4.2.4/4.3

KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

7.5
2009-09-08 CVE-2008-7181 Butterflymedia Permissions, Privileges, and Access Controls vulnerability in Butterflymedia Butterfly Organizer 2.0.0

Butterfly Organizer 2.0.0 allows remote attackers to (1) delete arbitrary categories via a modified tablehere parameter to category-delete.php with the is_js_confirmed parameter set to 1, or (2) delete arbitrary accounts via the mytable parameter to delete.php.

7.5
2009-09-08 CVE-2008-7179 Otmanager Improper Authentication vulnerability in Otmanager CMS 2.4

OTManager CMS 2.4 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN_Hora, ADMIN_Logado, and ADMIN_Nome cookies to certain values, as reachable in Admin/index.php.

7.5
2009-09-08 CVE-2008-7178 Xoops Path Traversal vulnerability in Xoops Uploader 1.1

Directory traversal vulnerability in Uploader module 1.1 for XOOPS allows remote attackers to read arbitrary files via a ..

7.5
2009-09-08 CVE-2008-7172 Yanick Bourbeau Permissions, Privileges, and Access Controls vulnerability in Yanick Bourbeau Lightweight News Portal 1.0B

Lightweight news portal (LNP) 1.0b does not properly restrict access to administrator functionality, which allows remote attackers to gain administrator privileges via direct requests to admin.php with the (1) potd_delete, (2) potd, (3) vote_update, (4) vote, or (5) modifynews actions.

7.5
2009-09-08 CVE-2008-7169 Jabode, Joomla SQL Injection vulnerability in Jabode COM Jabode

SQL injection vulnerability in Jabode horoscope extension (com_jabode) for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a sign task to index.php.

7.5
2009-09-08 CVE-2008-7167 Sami Ekblad Permissions, Privileges, and Access Controls vulnerability in Sami Ekblad Page Manager 20060204

Unrestricted file upload vulnerability in upload.php in Page Manager 2006-02-04 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.

7.5
2009-09-10 CVE-2009-2795 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Iphone OS

Heap-based buffer overflow in the Recovery Mode component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allows local users to bypass the passcode requirement and access arbitrary data via vectors related to "command parsing."

7.2
2009-09-08 CVE-2009-3108 Symantec Permissions, Privileges, and Access Controls vulnerability in Symantec Altiris Deployment Solution

The Aclient GUI in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 installs a client executable with insecure permissions (Everyone:Full Control), which allows local users to gain privileges by replacing the executable with a Trojan horse program.

7.2
2009-09-10 CVE-2009-3164 SUN Denial-Of-Service vulnerability in SUN Opensolaris and Solaris

Unspecified vulnerability in the IPv6 networking stack in Sun Solaris 10, and OpenSolaris snv_01 through snv_82 and snv_111 through snv_122, when a Cassini GigaSwift Ethernet Adapter (aka CE) interface is used, allows remote attackers to cause a denial of service (panic) via vectors involving jumbo frames.

7.1

75 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-09-11 CVE-2008-7211 Soundblaster / Microsoft Local Privilege Escalation vulnerability in Soundblaster Ensoniq PCI Es1371 WDM Driver 5.1.3612.0

CreativeLabs es1371mp.sys 5.1.3612.0 WDM audio driver, as used in Ensoniq PCI 1371 sound cards and when running on Windows Vista, does not create a Functional Device Object (FDO) to prevent user-mode access to the Physical Device Object (PDO), which allows local users to gain SYSTEM privileges via a crafted IRP request that dereferences a NULL FsContext pointer.

6.9
2009-09-11 CVE-2009-3182 Anantasoft Permissions, Privileges, and Access Controls vulnerability in Anantasoft Gazelle CMS 1.0

Unrestricted file upload vulnerability in admin/editor/filemanager/browser.html in Anantasoft Gazelle CMS 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in user/File/.

6.8
2009-09-11 CVE-2009-3173 Theratstudios Unspecified vulnerability in Theratstudios the RAT CMS 2

Unrestricted file upload vulnerability in admin/add_album.php in The Rat CMS Alpha 2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/.

6.8
2009-09-11 CVE-2009-2800 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted alias file.

6.8
2009-09-11 CVE-2008-7214 Mambo Foundation / Brilaps Cross-Site Request Forgery (CSRF) vulnerability in multiple products

Cross-site request forgery (CSRF) vulnerability in administrator/index2.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add new administrator accounts via the save task in a com_users action, as demonstrated using a separate XSS vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php.

6.8
2009-09-11 CVE-2008-7208 Insane Visions SQL Injection vulnerability in Insane Visions Onecms

Multiple SQL injection vulnerabilities in OneCMS 2.4, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) username parameter ($usernameb variable) to a_login.php or (2) user parameter to staff.php.

6.8
2009-09-11 CVE-2008-7204 Virtuemart Cross-Site Request Forgery (CSRF) vulnerability in Virtuemart

Cross-site request forgery (CSRF) vulnerability in VirtueMart 1.0.13a and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

6.8
2009-09-10 CVE-2009-2206 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS

Multiple heap-based buffer overflows in the AudioCodecs library in the CoreAudio component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted (1) AAC or (2) MP3 file, as demonstrated by a ringtone with malformed entries in the sample size table.

6.8
2009-09-09 CVE-2009-2205 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

Stack-based buffer overflow in the Java Web Start command launcher in Java for Mac OS X 10.5 before Update 5 allows attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

6.8
2009-09-09 CVE-2008-7193 Phpkit Cross-Site Request Forgery (CSRF) vulnerability in PHPkit 1.6.4Pl1

PHPKIT 1.6.4 PL1 includes the session ID in the URL, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks by reading the PHPKITSID parameter from the HTTP Referer and using it in a request to (1) modify the user profile via upload_files/include.php or (2) create a new administrator via upload_files/pk/include.php.

6.8
2009-09-09 CVE-2008-7192 Woltlab Cross-Site Request Forgery (CSRF) vulnerability in Woltlab Burning Board 3.0.1

Cross-site request forgery (CSRF) vulnerability in index.php in WoltLab Burning Board (wBB) 3.0.1, and possibly other 3.x versions, allows remote attackers to hijack the authentication of users for requests that delete private messages via the pmID parameter in a delete action in a PM page, a different vulnerability than CVE-2008-0472.

6.8
2009-09-08 CVE-2008-7183 Evacms Code Injection vulnerability in Evacms EVA CMS 2.3.1

PHP remote file inclusion vulnerability in eva/index.php in EVA CMS 2.3.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the eva[caminho] parameter to index.php.

6.8
2009-09-08 CVE-2008-7176 Celina Jorge Path Traversal vulnerability in Celina Jorge Facil CMS 0.1

Multiple directory traversal vulnerabilities in Facil CMS 0.1RC allow remote attackers to read arbitrary files via a ..

6.8
2009-09-09 CVE-2009-3122 Chris Shattuck / Drupal Permissions, Privileges, and Access Controls vulnerability in Chris Shattuck Ajaxtable 5.X1.Xdev

The Ajax Table module 5.x for Drupal does not perform access control, which allows remote attackers to delete arbitrary users and nodes via unspecified vectors.

6.4
2009-09-08 CVE-2009-2701 Zope Unspecified vulnerability in Zope Zodb

Unspecified vulnerability in the Zope Enterprise Objects (ZEO) storage-server functionality in Zope Object Database (ZODB) 3.8 before 3.8.3 and 3.9.x before 3.9.0c2, when certain ZEO database sharing and blob support are enabled, allows remote authenticated users to read or delete arbitrary files via unknown vectors.

6.0
2009-09-11 CVE-2008-7215 Mambo Foundation / Brilaps Improper Input Validation vulnerability in multiple products

The Image Manager in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to rename arbitrary files and cause a denial of service via modified file[NewFile][name], file[NewFile][tmp_name], and file[NewFile][size] parameters in a FileUpload command, which are used to modify equivalent variables in $_FILES that are accessed when the is_uploaded_file check fails.

5.8
2009-09-10 CVE-2008-7160 Silcnet Use of Externally-Controlled Format String vulnerability in Silcnet Silc Toolkit

The silc_http_server_parse function in lib/silchttp/silchttpserver.c in the internal HTTP server in silcd in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.9 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted Content-Length header, related to incorrect use of a %lu format string.

5.8
2009-09-10 CVE-2008-7159 Silcnet Use of Externally-Controlled Format String vulnerability in Silcnet Silc Toolkit

The silc_asn1_encoder function in lib/silcasn1/silcasn1_encode.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.8 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted OID value, related to incorrect use of a %lu format string.

5.8
2009-09-08 CVE-2009-3110 Symantec Race Condition vulnerability in Symantec Altiris Deployment Solution

Race condition in the file transfer functionality in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 allows remote attackers to read sensitive files and prevent client updates by connecting to the file transfer port before the expected client does.

5.8
2009-09-11 CVE-2009-3181 Anantasoft Path Traversal vulnerability in Anantasoft Gazelle CMS 1.0

Directory traversal vulnerability in Anantasoft Gazelle CMS 1.0 allows remote attackers to overwrite arbitrary files via a ..

5.0
2009-09-11 CVE-2008-7212 Mambo Foundation / Brilaps Permissions, Privileges, and Access Controls vulnerability in multiple products

MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to obtain sensitive information via certain requests to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php, which reveals the installation path in an error message.

5.0
2009-09-11 CVE-2008-7203 Valvesoftware Resource Management Errors vulnerability in Valvesoftware Counter-Strike 1.6

Valve Software Half-Life Counter-Strike 1.6 allows remote attackers to cause a denial of service (crash) via multiple crafted login packets.

5.0
2009-09-10 CVE-2009-3078 Mozilla Improper Input Validation vulnerability in Mozilla Firefox

Visual truncation vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to trigger a vertical scroll and spoof URLs via unspecified Unicode characters with a tall line-height property.

5.0
2009-09-10 CVE-2009-2797 Apple / Canonical Information Exposure vulnerability in multiple products

The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain sensitive information by reading Referer logs on a web server.

5.0
2009-09-10 CVE-2009-3151 Ultrize Path Traversal vulnerability in Ultrize Timesheet 1.2.2

Directory traversal vulnerability in actions/downloadFile.php in Ultrize TimeSheet 1.2.2 allows remote attackers to read arbitrary files via a ..

5.0
2009-09-10 CVE-2008-7199 Phoenixcontact Denial-Of-Service vulnerability in Fl Il 24 Bk-Pac

Phoenix Contact FL IL 24 BK-PAC allows remote attackers to cause a denial of service (hang) via (1) unspecified manipulations as demonstrated by a Nessus scan or (2) malformed input to TCP port 502.

5.0
2009-09-10 CVE-2008-7195 Fujitsu Denial Of Service vulnerability in Fujitsu Interstage HTTP Server

Unspecified vulnerability in Fujitsu Interstage HTTP Server, as used in Interstage Application Server Enterprise Edition 7.0.1 for Solaris, allows attackers to cause a denial of service via unknown vectors related to SSL.

5.0
2009-09-10 CVE-2008-7194 Fujitsu Denial Of Service vulnerability in Fujitsu Interstage HTTP Server

Unspecified vulnerability in Fujitsu Interstage HTTP Server, as used in Interstage Application Server 5.0, 7.0, 7.0.1, and 8.0.0 for Windows, allows attackers to cause a denial of service via a crafted request.

5.0
2009-09-09 CVE-2009-3124 Ipmotor Path Traversal vulnerability in Ipmotor Quarkmail

Directory traversal vulnerability in get_message.cgi in QuarkMail allows remote attackers to read arbitrary files via a ..

5.0
2009-09-09 CVE-2009-3123 Visavi Path Traversal vulnerability in Visavi Wap-Motor

Directory traversal vulnerability in gallery/gallery.php in Wap-Motor before 18.1 allows remote attackers to read arbitrary files via a ..

5.0
2009-09-09 CVE-2009-3115 Solarwinds Improper Input Validation vulnerability in Solarwinds Tftp Server

SolarWinds TFTP Server 9.2.0.111 and earlier allows remote attackers to cause a denial of service (service stop) via a crafted Option Acknowledgement (OACK) request.

5.0
2009-09-09 CVE-2009-3113 Oxid Unspecified vulnerability in Oxid Eshop

Unspecified vulnerability in OXID eShop Professional, Enterprise, and Community Edition before 4.1.2, 3.x, and 2.x allows remote attackers to gain write access to product reviews via a crafted parameter.

5.0
2009-09-09 CVE-2009-3111 Freeradius Denial of Service vulnerability in FreeRADIUS Zero-length Tunnel-Password Attributes

The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11.

5.0
2009-09-09 CVE-2009-2266 Oxid Information Exposure vulnerability in Oxid Eshop

OXID eShop 4.x before 4.1.4-21266, 3.x, and 2.x allows remote attackers to obtain sensitive information (session details and order history of other users) via a crafted cookie.

5.0
2009-09-09 CVE-2008-7191 PPS Jussieu Denial-Of-Service vulnerability in Polipo

Unspecified vulnerability in Polipo before 1.0.4 allows remote attackers to cause a denial of service (crash) via a long request URL.

5.0
2009-09-09 CVE-2008-7187 Coppermine Gallery Information Exposure vulnerability in Coppermine-Gallery Coppermine Photo Gallery 1.4.14

Coppermine Photo Gallery (CPG) 1.4.14 allows remote attackers to obtain sensitive information via a direct request to include/slideshow.inc.php, which leaks the installation path in an error message.

5.0
2009-09-09 CVE-2008-7186 Coppermine Gallery Permissions, Privileges, and Access Controls vulnerability in Coppermine-Gallery Coppermine Photo Gallery 1.4.14

Coppermine Photo Gallery (CPG) 1.4.14 does not restrict access to update.php, which allows remote attackers to obtain sensitive information such as the database table prefix via a direct request.

5.0
2009-09-08 CVE-2009-3106 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server

The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.37 does not properly implement security constraints on the (1) doGet and (2) doTrace methods, which allows remote attackers to bypass intended access restrictions and obtain sensitive information via a crafted HTTP HEAD request to a Web Application.

5.0
2009-09-08 CVE-2009-3090 IBM / Linux Denial-Of-Service vulnerability in IBM Tivoli Directory Server 6.0

Unspecified vulnerability in IBM Tivoli Directory Server (TDS) 6.0 on Linux allows remote attackers to cause a denial of service via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.

5.0
2009-09-08 CVE-2009-3087 IBM / Microsoft Denial-Of-Service vulnerability in IBM Lotus Domino 8.0

Unspecified vulnerability in nserver.exe in the server in IBM Lotus Domino 8.0 on Windows Server 2003 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.

5.0
2009-09-08 CVE-2009-3086 Rubyonrails Information Exposure vulnerability in Rubyonrails Rails

A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x before 2.3.4, leaks information about the complexity of message-digest signature verification in the cookie store, which might allow remote attackers to forge a digest via multiple attempts.

5.0
2009-09-08 CVE-2009-3085 Pidgin Denial of Service vulnerability in Pidgin Libpurple and Pidgin

The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images.

5.0
2009-09-08 CVE-2009-3084 Pidgin Improper Input Validation vulnerability in Pidgin Libpurple and Pidgin

The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to an uninitialized variable and the incorrect "UTF16-LE" charset name.

5.0
2009-09-08 CVE-2009-3083 Pidgin Buffer Errors vulnerability in Pidgin Libpurple and Pidgin

The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite message that lacks certain required fields, as demonstrated by a malformed message from a KMess client.

5.0
2009-09-08 CVE-2009-2703 Pidgin Buffer Errors vulnerability in Pidgin Libpurple and Pidgin

libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string.

5.0
2009-09-08 CVE-2008-7180 Rittwick Banerjee Improper Input Validation vulnerability in Rittwick Banerjee Telephone Directory 2008

del_query1.php in Telephone Directory 2008 allows remote attackers to delete arbitrary contacts via a direct request with a modified id variable.

5.0
2009-09-08 CVE-2009-3101 SUN Resource Management Errors vulnerability in SUN Opensolaris

xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 10, and OpenSolaris snv_109 through snv_122, does not properly handle Trusted Extensions, which allows local users to cause a denial of service (CPU consumption and console hang) by locking the screen, related to a regression in certain Solaris and OpenSolaris patches.

4.9
2009-09-10 CVE-2009-2794 Apple Race Condition vulnerability in Apple Iphone OS

The Exchange Support component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not properly implement the "Maximum inactivity time lock" functionality, which allows local users to bypass intended Microsoft Exchange restrictions by choosing a large Require Passcode time value.

4.6
2009-09-08 CVE-2009-2632 CMU Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in CMU Cyrus Imap Server 2.2.13/2.3.14

Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.

4.4
2009-09-11 CVE-2009-3171 Anantasoft Cross-Site Scripting vulnerability in Anantasoft Gazelle CMS

Multiple cross-site scripting (XSS) vulnerabilities in Anantasoft Gazelle CMS 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user parameter to user.php or (2) lookup parameter to search.php.

4.3
2009-09-11 CVE-2009-3167 Anantasoft Path Traversal vulnerability in Anantasoft Gazelle CMS 1.0

Directory traversal vulnerability in index.php in Anantasoft Gazelle CMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a ..

4.3
2009-09-11 CVE-2008-7216 Wordpress Permissions, Privileges, and Access Controls vulnerability in Wordpress Peter's Math Anti-Spam for Wordpress

Peter's Math Anti-Spam Spinoff plugin for WordPress generates audio CAPTCHA clips by concatenating static audio files without any additional distortion, which allows remote attackers to bypass CAPTCHA protection by reading certain bytes from the generated clip.

4.3
2009-09-11 CVE-2008-7213 Mambo Foundation / Brilaps Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to inject arbitrary web script or HTML via the Command parameter.

4.3
2009-09-11 CVE-2008-7206 Stefan Ritt Cross-Site Scripting vulnerability in Stefan Ritt Elog web Logbook

Unspecified vulnerability in Electronic Logbook (ELOG) before 2.7.2 has unknown impact and attack vectors when the "logbook contains HTML code," probably cross-site scripting (XSS).

4.3
2009-09-11 CVE-2008-7205 Virtuemart Improper Input Validation vulnerability in Virtuemart

Unspecified vulnerability in the product view functionality in VirtueMart 1.0.13a and earlier allows remote attackers to read arbitrary files via vectors related to a template file.

4.3
2009-09-10 CVE-2009-3162 Multi Website Cross-Site Scripting vulnerability in Multi-Website Multi Website 1.5

Cross-site scripting (XSS) vulnerability in Multi Website 1.5 allows remote attackers to inject arbitrary web script or HTML via the search parameter in a search action to the default URI.

4.3
2009-09-10 CVE-2009-3155 Joomla / Almondsoft Cross-Site Scripting vulnerability in Almondsoft COM Aclassf 7.5

Cross-site scripting (XSS) vulnerability in gmap.php in the Almond Classifieds (com_aclassf) component 7.5 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the addr parameter.

4.3
2009-09-10 CVE-2009-3153 X10Media Cross-Site Scripting vulnerability in X10Media MP3 Search Engine 1.6.5

Multiple cross-site scripting (XSS) vulnerabilities in x10 MP3 Search engine 1.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) pic_id parameter to includes/video_ad.php, (2) category parameter to linkvideos_listing.php, id parameter to (3) templates/header1.php and (4) mp3/lyrics.php, key parameter to (5) video_listing.php and (6) adult/video_listing.php, and name parameter to (7) mp3/embed.php and (8) mp3/info.php.

4.3
2009-09-10 CVE-2009-3152 NT Cross-Site Scripting vulnerability in NT BBS E-Market

Multiple cross-site scripting (XSS) vulnerabilities in becommunity/community/index.php in NTSOFT BBS E-Market Professional allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) bt_code, and (3) b_no parameters in a board view action.

4.3
2009-09-10 CVE-2009-3149 Curveriderhq Path Traversal vulnerability in Curveriderhq Elgg 1.5

Directory traversal vulnerability in _css/js.php in Elgg 1.5, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a ..

4.3
2009-09-10 CVE-2009-3147 Allenthusiast Cross-Site Scripting vulnerability in Allenthusiast Reviewpost PHP PRO B3

Cross-site scripting (XSS) vulnerability in showproduct.php in ReviewPost Pro vB3 allows remote attackers to inject arbitrary web script or HTML via the date parameter.

4.3
2009-09-10 CVE-2009-3146 Articlefriend Cross-Site Scripting vulnerability in Articlefriend Script

Cross-site scripting (XSS) vulnerability in search_advance.php in ArticleFriend Script allows remote attackers to inject arbitrary web script or HTML via the SearchWd parameter.

4.3
2009-09-10 CVE-2008-7202 Openwebmail Acatysmoof Cross-Site Scripting vulnerability in Openwebmail.Acatysmoof Openwebmail

Multiple cross-site scripting (XSS) vulnerabilities in OpenWebMail before 2.53 (Stable) allow remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2009-09-10 CVE-2007-6729 Zyxel Cross-Site Scripting vulnerability in Zyxel P-330W Router

Cross-site scripting (XSS) vulnerability in the web management interface in the ZyXEL P-330W router allows remote attackers to inject arbitrary web script or HTML via the pingstr parameter and other unspecified vectors.

4.3
2009-09-09 CVE-2009-3121 Drupal / Chris Shattuck Cross-Site Scripting vulnerability in Chris Shattuck Ajaxtable 5.X1.Xdev

Cross-site scripting (XSS) vulnerability in the Ajax Table module 5.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-09-09 CVE-2009-3120 Bigace Cross-Site Scripting vulnerability in Bigace 2.6

Cross-site scripting (XSS) vulnerability in public/index.php in BIGACE Web CMS 2.6 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

4.3
2009-09-08 CVE-2008-7185 Gnome Improper Input Validation vulnerability in Gnome Rhythmbox 0.11.5

GNOME Rhythmbox 0.11.5 allows remote attackers to cause a denial of service (segmentation fault and crash) via a playlist (.pls) file with a long Title field, possibly related to the g_hash_table_lookup function in b-playlist-manager.c.

4.3
2009-09-08 CVE-2008-7184 Diigo Cross-Site Scripting vulnerability in Diigo Toolbar and Diigolet

Cross-site scripting (XSS) vulnerability in Diigo Toolbar and Diigolet allows remote attackers to inject arbitrary web script or HTML via a public comment.

4.3
2009-09-08 CVE-2009-3105 IBM Cross-Site Scripting vulnerability in IBM Domino web Access 8.0.1

Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 211.241 for Domino 8.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR EZEL7UURYC.

4.3
2009-09-08 CVE-2009-3104 Symantec Resource Management Errors vulnerability in Symantec products

Unspecified vulnerability in Symantec Norton AntiVirus 2005 through 2008; Norton Internet Security 2005 through 2008; AntiVirus Corporate Edition 9.0 before MR7, 10.0, 10.1 before MR8, and 10.2 before MR3; and Client Security 2.0 before MR7, 3.0, and 3.1 before MR8; when Internet Email Scanning is installed and enabled, allows remote attackers to cause a denial of service (CPU consumption and persistent connection loss) via unknown attack vectors.

4.3
2009-09-08 CVE-2009-3009 Rubyonrails Cross-Site Scripting vulnerability in Rubyonrails Rails

Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper.

4.3
2009-09-08 CVE-2008-7175 Alex Rabe / Wordpress Cross-Site Scripting vulnerability in Alex Rabe Nextgen Gallery

Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in NextGEN Gallery 0.96 and earlier plugin for Wordpress allows remote attackers to inject arbitrary web script or HTML via the picture description field in a page edit action.

4.3
2009-09-08 CVE-2008-7171 Yanick Bourbeau Cross-Site Scripting vulnerability in Yanick Bourbeau Lightweight News Portal 1.0B

Multiple cross-site scripting (XSS) vulnerabilities in Lightweight news portal (LNP) 1.0b allow remote attackers to inject arbitrary web script or HTML via the (1) photo parameter to show_photo.php, (2) potd parameter to show_potd.php, or (3) the Current question field in a vote action to admin.php.

4.3
2009-09-08 CVE-2009-3100 SUN / X ORG Denial-Of-Service vulnerability in OpenSolaris

xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 9 and 10, OpenSolaris snv_109 through snv_122, and X11 6.4.1 on Solaris 8 does not properly handle Accessibility support, which allows local users to cause a denial of service (system hang) by locking the screen and then attempting to launch an Accessibility pop-up window, related to a regression in certain Solaris and OpenSolaris patches.

4.0
2009-09-08 CVE-2008-7182 Netwin Buffer Errors vulnerability in Netwin Surgemail 3.9E

Buffer overflow in the IMAP service in NetWin Surgemail 3.9e, and possibly other versions before 3.9g2, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long first argument to the APPEND command, a different vector than CVE-2008-1497 and CVE-2008-1498.

4.0

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-09-11 CVE-2008-7207 Rivetcode Cryptographic Issues vulnerability in Rivetcode Rivettracker 0.1

RivetTracker before 1.0 stores passwords in cleartext in config.php, which allows local users to discover passwords by reading config.php.

2.1
2009-09-10 CVE-2009-2796 Apple Information Exposure vulnerability in Apple Iphone OS 3.0/3.0.1

The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for iPod touch, allows physically proximate attackers to discover a password by watching a user undo deletions of characters in the password.

2.1
2009-09-10 CVE-2009-2207 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS 3.0/3.0.1

The MobileMail component in Apple iPhone OS 3.0 and 3.0.1, and iPhone OS 3.0 for iPod touch, lists deleted e-mail messages in Spotlight search results, which might allow local users to obtain sensitive information by reading these messages.

2.1