Weekly Vulnerabilities Reports > September 7 to 13, 2009
Overview
164 new vulnerabilities reported during this period, including 48 critical vulnerabilities and 38 high severity vulnerabilities. This weekly summary report vulnerabilities in 146 products from 98 vendors including Apple, Mozilla, IBM, Microsoft, and Symantec. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "SQL Injection", and "Path Traversal".
- 154 reported vulnerabilities are remotely exploitables.
- 35 reported vulnerabilities have public exploit available.
- 39 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 162 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 13 reported vulnerabilities.
- Mozilla has the most reported critical vulnerabilities, with 10 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
48 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-09-13 | CVE-2008-7219 | Horde | Permissions, Privileges, and Access Controls vulnerability in Horde products Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and H3 2.2 before 2.2-RC2; Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 does not validate ownership when performing share changes, which has unknown impact and attack vectors. | 10.0 |
2009-09-13 | CVE-2008-7218 | Horde | Security Bypass vulnerability in Horde Products Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors. | 10.0 |
2009-09-13 | CVE-2007-6732 | Claudio Matsuoka | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Claudio Matsuoka Extended Module Player Multiple buffer overflows in the dtt_load function in loaders/dtt_load.c Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers to execute arbitrary code via unspecified vectors related to an untrusted length value and the (1) pofs and (2) plen arrays. | 10.0 |
2009-09-13 | CVE-2007-6731 | Claudio Matsuoka | Code Injection vulnerability in Claudio Matsuoka Extended Module Player Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers to execute arbitrary code via an OXM file with a negative value, which bypasses a check in (1) test_oxm and (2) decrunch_oxm functions in misc/oxm.c, leading to a buffer overflow. | 10.0 |
2009-09-11 | CVE-2009-3179 | Symantec | Remote Security vulnerability in Symantec Altiris Deployment Solution 6.9 Multiple unspecified vulnerabilities in Symantec Altiris Deployment Solution 6.9 might allow remote attackers to execute arbitrary code via unknown client-side attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.17, as identified by (1) "Symantec Altiris Deployment Solution 6.9 exploit, (2) "Symantec Altiris Deployment Solution 6.9 exploit (II)," and (3) "Symantec Altiris Deployment Solution 6.9 exploit (III)." NOTE: as of 20090909, this disclosure has no actionable information. | 10.0 |
2009-09-11 | CVE-2009-3177 | Kaspersky | Unspecified vulnerability in Kaspersky products Unspecified vulnerability in Kaspersky Online Scanner 7.0 has unknown impact and attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, (1) "Kaspersky Online Antivirus Scanner 7.0 exploit (Linux)" and (2) "Kaspersky Online Antivirus Scanner 7.0 exploit (Windows)." NOTE: as of 20090909, this disclosure has no actionable information. | 10.0 |
2009-09-11 | CVE-2009-3169 | Hitachi | Multiple Unspecified vulnerability in Hitachi JP1/File Transmission Server/FTP Multiple unspecified vulnerabilities in Hitachi JP1/File Transmission Server/FTP before 09-00 allow remote attackers to execute arbitrary code via unknown attack vectors. | 10.0 |
2009-09-10 | CVE-2009-3079 | Mozilla | Code Injection vulnerability in Mozilla Firefox Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to execute arbitrary JavaScript with chrome privileges via vectors involving an object, the FeedWriter, and the BrowserFeedWriter. | 10.0 |
2009-09-10 | CVE-2009-3075 | Mozilla | Unspecified vulnerability in Mozilla Firefox Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.2, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to use of mutable strings in the js_StringReplaceHelper function in js/src/jsstr.cpp, and unknown vectors. | 10.0 |
2009-09-10 | CVE-2009-3074 | Mozilla | Unspecified vulnerability in Mozilla Firefox Unspecified vulnerability in the JavaScript engine in Mozilla Firefox before 3.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 10.0 |
2009-09-10 | CVE-2009-3073 | Mozilla | Unspecified vulnerability in Mozilla Firefox 3.5/3.5.1/3.5.2 Unspecified vulnerability in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 10.0 |
2009-09-10 | CVE-2009-3072 | Mozilla | Unspecified vulnerability in Mozilla Firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.3, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the BinHex decoder in netwerk/streamconv/converters/nsBinHexDecoder.cpp, and unknown vectors. | 10.0 |
2009-09-10 | CVE-2009-3071 | Mozilla | Unspecified vulnerability in Mozilla Firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 10.0 |
2009-09-10 | CVE-2009-3070 | Mozilla | Unspecified vulnerability in Mozilla Firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 10.0 |
2009-09-10 | CVE-2009-3069 | Mozilla | Unspecified vulnerability in Mozilla Firefox 3.5/3.5.1/3.5.2 Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 10.0 |
2009-09-10 | CVE-2008-7200 | Deliantra | Remote Security vulnerability in Deliantra Double free vulnerability in Deliantra server engine before 2.4 has unknown impact and attack vectors. | 10.0 |
2009-09-10 | CVE-2008-7198 | Alecwh | Remote Security vulnerability in Alecwh PHPns 2.1.1Alpha1B1/2.1.1B1 Multiple unspecified vulnerabilities in phpns before 2.1.1beta1 have unknown impact and attack vectors. | 10.0 |
2009-09-10 | CVE-2008-7197 | G15Tools | Remote Security vulnerability in G15daemon Multiple unspecified vulnerabilities in G15Daemon before 1.9.4 have unknown impact and attack vectors. | 10.0 |
2009-09-10 | CVE-2008-7196 | Mark Reinsfelder | Remote Security vulnerability in Mark Reinsfelder Metashell 0.01B Unspecified vulnerability in metashell before 0.03 has unknown impact and attack vectors related to a "PATH execution security flaw," possibly an untrusted search path vulnerability. | 10.0 |
2009-09-09 | CVE-2009-3112 | Oxidforge | Unspecified vulnerability in Oxidforge Oxid Eshop and Oxid Eshop4.0.0.2 14967 Unspecified vulnerability in OXID eShop Professional, Enterprise, and Community Edition before 4.1.0 allows remote attackers to gain administrator privileges and access the shop backend via a crafted parameter. | 10.0 |
2009-09-09 | CVE-2008-7190 | Adium | Cross-Site Scripting vulnerability in Adium Unspecified vulnerability in Adium before 1.2 has unknown impact and attack vectors related to javascript: URLs, possibly cross-site scripting (XSS). | 10.0 |
2009-09-09 | CVE-2008-7189 | Bastian Blumentritt | Remote Security vulnerability in Local Media Browser Multiple unspecified vulnerabilities in Local Media Browser before 0.1 have unknown impact and attack vectors related to "Security holes." | 10.0 |
2009-09-08 | CVE-2009-3102 | Zmanda | Improper Input Validation vulnerability in Zmanda ZRM for MY SQL 2.1 The doHotCopy subroutine in socket-server.pl in Zmanda Recovery Manager (ZRM) for MySQL 2.x before 2.1.1 allows remote attackers to execute arbitrary commands via vectors involving a crafted $MYSQL_BINPATH variable. | 10.0 |
2009-09-08 | CVE-2009-3099 | Microsoft HP | Remote Security vulnerability in HP Operations Manager 8.1 Unspecified vulnerability in HP OpenView Operations Manager 8.1 on Windows Server 2003 SP2 allows remote attackers to have an unknown impact, related to a "Remote exploit," as demonstrated by a certain module in VulnDisco Pack Professional 8.11, a different vulnerability than CVE-2007-3872. | 10.0 |
2009-09-08 | CVE-2009-3098 | Microsoft HP | Remote Security vulnerability in HP Operations Dashboard 2.1 Unspecified vulnerability in the Portal in HP Operations Dashboard 2.1 on Windows Server 2003 SP2 allows remote attackers to have an unknown impact, related to a "Remote exploit," as demonstrated by a certain module in VulnDisco Pack Professional 8.11. | 10.0 |
2009-09-08 | CVE-2009-3096 | Microsoft HP | Remote Security vulnerability in HP Performance Insight 5.3 Multiple unspecified vulnerabilities in HP Performance Insight 5.3 allow remote attackers to have an unknown impact, related to (1) a "Remote exploit" on Windows platforms, and (2) a "Remote preauthentication exploit" on the Windows Server 2003 SP2 platform, as demonstrated by certain modules in VulnDisco Pack Professional 8.11. | 10.0 |
2009-09-08 | CVE-2009-3093 | Asus | Remote Security vulnerability in Asus Wl-500W Unspecified vulnerability on the ASUS WL-500W wireless router has unknown impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. | 10.0 |
2009-09-08 | CVE-2009-3092 | Asus | Remote vulnerability in ASUS WL-500W Wireless Router Buffer overflow on the ASUS WL-500W wireless router has unknown impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. | 10.0 |
2009-09-08 | CVE-2009-3091 | Asus | Remote Security vulnerability in Asus Wl-330Ge Unspecified vulnerability on the ASUS WL-330gE has unknown impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. | 10.0 |
2009-09-08 | CVE-2008-7174 | Juracapecoffee | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Juracapecoffee Internet Connectivity KIT Multiple buffer overflows in the Jura Internet Connection Kit for the Jura Impressa F90 coffee maker allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors related to improper use of the gets and sprintf functions. | 10.0 |
2009-09-08 | CVE-2008-7173 | Juracapecoffee | Permissions, Privileges, and Access Controls vulnerability in Juracapecoffee Internet Connectivity KIT The Jura Internet Connection Kit for the Jura Impressa F90 coffee maker does not properly restrict access to privileged functions, which allows remote attackers to cause a denial of service (physical damage), modify coffee settings, and possibly execute code via a crafted request. | 10.0 |
2009-09-08 | CVE-2008-7170 | Gameservers | Permissions, Privileges, and Access Controls vulnerability in Gameservers GSC 1.00 GSC build 2067 and earlier relies on the client to enforce administrator privileges, which allows remote attackers to execute arbitrary administrator commands via a crafted packet. | 10.0 |
2009-09-11 | CVE-2009-3176 | Novell | Buffer Errors vulnerability in Novell Iprint 4.38 Buffer overflow in the ActiveX control in Novell iPrint Client 4.38 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.1, "Novell iPrint Client 4.38 ActiveX exploit." NOTE: as of 20090909, this disclosure has no actionable information. | 9.3 |
2009-09-11 | CVE-2009-3170 | Aimp | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Aimp Aimp2 Audio Converter Stack-based buffer overflow in AIMP2 Audio Converter 2.53 (build 330) and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long File1 argument in a (1) .pls or (2) .m3u playlist file. | 9.3 |
2009-09-10 | CVE-2009-3077 | Mozilla | Code Injection vulnerability in Mozilla Firefox Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a "dangling pointer vulnerability." | 9.3 |
2009-09-10 | CVE-2009-3076 | Mozilla | Unspecified vulnerability in Mozilla Firefox Mozilla Firefox before 3.0.14 does not properly implement certain dialogs associated with the (1) pkcs11.addmodule and (2) pkcs11.deletemodule operations, which makes it easier for remote attackers to trick a user into installing or removing an arbitrary PKCS11 module. | 9.3 |
2009-09-10 | CVE-2009-2799 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted H.264 movie file. | 9.3 |
2009-09-10 | CVE-2009-2798 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file. | 9.3 |
2009-09-10 | CVE-2009-2203 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG-4 video file. | 9.3 |
2009-09-10 | CVE-2009-2202 | Apple | Arbitrary Code Execution vulnerability in Apple QuickTime Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted H.264 movie file. | 9.3 |
2009-09-10 | CVE-2007-6730 | Zyxel | Cross-Site Request Forgery (CSRF) vulnerability in Zyxel P-330W Router Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in the ZyXEL P-330W router allow remote attackers to hijack the authentication of administrators for requests that (1) enable remote router management via goform/formRmtMgt or (2) modify the administrator password via goform/formPasswordSetup. | 9.3 |
2009-09-08 | CVE-2009-3109 | Symantec | Authentication Handshake Race Condition Security vulnerability in Symantec Altiris Deployment Solution 6.9 Unspecified vulnerability in the AClient agent in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430, when key-based authentication is being used between a deployment server and a client, allows remote attackers to bypass authentication and execute arbitrary commands as SYSTEM by spoofing the deployment server and sending "alternate commands" before the handshake is completed. | 9.3 |
2009-09-08 | CVE-2009-2139 | SUN | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SUN Openoffice.Org Heap-based buffer overflow in svtools/source/filter.vcl/wmf/enhwmf.cxx in Go-oo 2.x and 3.x before 3.0.1, previously named ooo-build and related to OpenOffice.org (OOo), allows remote attackers to execute arbitrary code via a crafted EMF file, a similar issue to CVE-2008-2238. | 9.3 |
2009-09-08 | CVE-2009-2628 | Vmware | Code Injection vulnerability in VMWare products The VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2.5.x before 2.5.3 build 185404 on Windows does not properly handle certain small heights in video content, which might allow remote attackers to execute arbitrary code via a crafted AVI file that triggers heap memory corruption. | 9.3 |
2009-09-08 | CVE-2009-2519 | Microsoft | Code Injection vulnerability in Microsoft Windows 2000, Windows Server 2003 and Windows XP The DHTML Editing Component ActiveX control in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly format HTML markup, which allows remote attackers to execute arbitrary code via a crafted web site that triggers "system state" corruption, aka "DHTML Editing Component ActiveX Control Vulnerability." | 9.3 |
2009-09-08 | CVE-2009-0199 | Vmware | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in VMWare products Heap-based buffer overflow in the VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2.5.x before 2.5.3 build 185404 on Windows might allow remote attackers to execute arbitrary code via a video file with crafted dimensions (aka framebuffer parameters). | 9.3 |
2009-09-08 | CVE-2008-7177 | Nasm | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nasm Netwide Assembler Buffer overflow in the listing module in Netwide Assembler (NASM) before 2.03.01 has unknown impact and attack vectors, a different vulnerability than CVE-2008-2719. | 9.3 |
2009-09-08 | CVE-2008-7168 | Uusee | Unspecified vulnerability in Uusee and Uuupgrade.Ocx Insecure method vulnerability in the UUSee UUUpgrade ActiveX control (UUUpgrade.ocx 3.0.2.12) allows remote attackers to force the download and overwrite of arbitrary files via crafted arguments to the Update method, as exploited in the wild in June 2009. | 9.3 |
38 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-09-10 | CVE-2009-3160 | IBM | Multiple vulnerability in IBM WebSphere MQ IBM WebSphere MQ 6.x through 6.0.2.7, 7.0.0.0, 7.0.0.1, 7.0.0.2, and 7.0.1.0, when read ahead or asynchronous message consumption is enabled, allows attackers to have an unspecified impact via unknown vectors, related to a "memory overwrite" issue. | 8.8 |
2009-09-11 | CVE-2009-3178 | Symantec | Remote vulnerability in Symantec Altiris Deployment Solution 6.9 Unspecified vulnerability in mm.exe in Symantec Altiris Deployment Solution 6.9 allows remote attackers to cause a denial of service via unknown attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.18, "Symantec Altiris Deployment Solution 6.9 DoS." NOTE: as of 20090909, this disclosure has no actionable information. | 7.8 |
2009-09-10 | CVE-2009-2815 | Apple | Resource Management Errors vulnerability in Apple Iphone OS The Telephony component in Apple iPhone OS before 3.1 does not properly handle SMS arrival notifications, which allows remote attackers to cause a denial of service (NULL pointer dereference and service interruption) via a crafted SMS message. | 7.8 |
2009-09-10 | CVE-2009-3161 | IBM | Multiple vulnerability in IBM WebSphere MQ 7.0.0.1/7.0.0.2/7.0.1.0 The server in IBM WebSphere MQ 7.0.0.1, 7.0.0.2, and 7.0.1.0 allows attackers to cause a denial of service (trap) or possibly have unspecified other impact via malformed data. | 7.8 |
2009-09-10 | CVE-2009-3159 | IBM | Multiple vulnerability in IBM Websphere MQ 7.0.0.0/7.0.0.1/7.0.0.2 Unspecified vulnerability in the rriDecompress function in IBM WebSphere MQ 7.0.0.0, 7.0.0.1, and 7.0.0.2 allows remote attackers to cause a denial of service via unknown vectors. | 7.8 |
2009-09-10 | CVE-2008-7201 | Lantronix | Resource Management Errors vulnerability in Lantronix Mss485-T Lantronix MSS485-T allows remote attackers to cause a denial of service (unstable performance and service loss) via certain vulnerability scans, as demonstrated using (1) Nessus and (2) nmap. | 7.8 |
2009-09-08 | CVE-2009-0627 | Cisco | Unspecified vulnerability in Cisco Nexus 5000, Nexus 7000 and Nx-Os Unspecified vulnerability in Cisco NX-OS before 4.0(1a)N2(1), when running on Nexus 5000 platforms, allows remote attackers to cause a denial of service (crash) via an unspecified "sequence of TCP packets" related to "TCP State manipulation," possibly related to separate attacks against CVE-2008-4609. | 7.8 |
2009-09-08 | CVE-2009-3097 | HP Microsoft | Information Exposure vulnerability in HP Performance Insight 5.3 Multiple unspecified vulnerabilities in HP Performance Insight 5.3 on Windows allow attackers to obtain sensitive information via unknown vectors, as demonstrated by certain modules in VulnDisco Pack Professional 8.11. | 7.8 |
2009-09-08 | CVE-2009-3089 | IBM | Denial-Of-Service vulnerability in IBM Tivoli Directory Server 6.0 IBM Tivoli Directory Server (TDS) 6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via unspecified vectors, related to (1) the ibmslapd.exe daemon on Windows and (2) the ibmdiradm daemon in the administration server on Linux, as demonstrated by certain modules in VulnDisco Pack Professional 8.11, a different vulnerability than CVE-2006-0717. | 7.8 |
2009-09-11 | CVE-2009-3180 | Anantasoft | Credentials Management vulnerability in Anantasoft Gazelle CMS 1.0 Anantasoft Gazelle CMS 1.0 allows remote attackers to conduct a password reset for other users via a modified user parameter to renew.php. | 7.5 |
2009-09-11 | CVE-2009-3175 | Boldfx | SQL Injection vulnerability in Boldfx Model Agency Manager PRO Multiple SQL injection vulnerabilities in Model Agency Manager PRO (formerly Modeling Agency Content Management Script) allow remote attackers to execute arbitrary SQL commands via the user_id parameter to (1) view.php, (2) photos.php, and (3) motm.php; and the (4) id parameter to forum_message.php. | 7.5 |
2009-09-11 | CVE-2009-3174 | Odelao | Code Injection vulnerability in Odelao Obophix 1.0 PHP remote file inclusion vulnerability in fonctions_racine.php in OBOphiX 2.7.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin_lib parameter. | 7.5 |
2009-09-11 | CVE-2009-3172 | Hitachi | Unspecified vulnerability in Hitachi products Unspecified vulnerability in Hitachi Groupmax Groupware Server 07-00 through 07-50-/A, Groupmax Server Set 03-00 through 06-52, Groupware Server Set 03-00 through 06-52, and Scheduler Server Set 03-00 through 06-52 has unknown impact and attack vectors related to invalid access rights. | 7.5 |
2009-09-11 | CVE-2008-7210 | Ming HAN | SQL Injection vulnerability in Ming HAN Ajchat 0.10 directory.php in AJchat 0.10 allows remote attackers to bypass input validation and conduct SQL injection attacks via a numeric parameter with a value matching the s parameter's hash value, which prevents the associated $_GET["s"] variable from being unset. | 7.5 |
2009-09-11 | CVE-2008-7209 | Insane Visions | Permissions, Privileges, and Access Controls vulnerability in Insane Visions Onecms Unrestricted file upload vulnerability in the add2 action in a_upload.php in OneCMS 2.4, and possibly earlier, allows remote attackers to execute arbitrary code by uploading a file with an executable extension and using a safe content type such as image/gif, then accessing it via a direct request to the file in an unspecified directory. | 7.5 |
2009-09-10 | CVE-2009-3163 | Silcnet | USE of Externally-Controlled Format String vulnerability in Silcnet Silc Client and Silc Toolkit Multiple format string vulnerabilities in lib/silcclient/command.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client 1.1.8 and earlier, allow remote attackers to execute arbitrary code via format string specifiers in a channel name, related to (1) silc_client_command_topic, (2) silc_client_command_kick, (3) silc_client_command_leave, and (4) silc_client_command_users. | 7.5 |
2009-09-10 | CVE-2009-3158 | Carsten Wulff | Improper Authentication vulnerability in Carsten Wulff Simplephpweb 0.2 admin/files.php in simplePHPWeb 0.2 does not require authentication, which allows remote attackers to perform unspecified administrative actions via unknown vectors. | 7.5 |
2009-09-10 | CVE-2009-3154 | Joomla Almondsoft | SQL Injection vulnerability in Almondsoft COM Aclassf 7.5 SQL injection vulnerability in the Almond Classifieds (com_aclassf) component 7.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the replid parameter in a manw_repl add_form action to index.php, a different vector than CVE-2009-2567. | 7.5 |
2009-09-10 | CVE-2009-3150 | Multi Website | SQL Injection vulnerability in Multi-Website Multi Website 1.5 SQL injection vulnerability in index.php in Multi Website 1.5 allows remote attackers to execute arbitrary SQL commands via the Browse parameter in a vote action. | 7.5 |
2009-09-10 | CVE-2009-3148 | Portalxp | SQL Injection vulnerability in Portalxp 1.2 Multiple SQL injection vulnerabilities in PortalXP Teacher Edition 1.2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) calendar.php, (2) news.php, and (3) links.php; and the (4) assignment_id parameter to assignments.php. | 7.5 |
2009-09-10 | CVE-2009-3051 | Silcnet | USE of Externally-Controlled Format String vulnerability in Silcnet Silc Client and Silc Toolkit Multiple format string vulnerabilities in lib/silcclient/client_entry.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client before 1.1.8, allow remote attackers to execute arbitrary code via format string specifiers in a nickname field, related to the (1) silc_client_add_client, (2) silc_client_update_client, and (3) silc_client_nickname_format functions. | 7.5 |
2009-09-09 | CVE-2009-3119 | X Iweb RU PHP Fusion | SQL Injection vulnerability in X-Iweb.Ru Download System MSF SQL injection vulnerability in screen.php in the Download System mSF (dsmsf) module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the view_id parameter. | 7.5 |
2009-09-09 | CVE-2009-3118 | Danneo | SQL Injection vulnerability in Danneo CMS 0.5/0.5.1 SQL injection vulnerability in mod/poll/comment.php in the vote module in Danneo CMS 0.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the comtext parameter, in conjunction with crafted comname and comtitle parameters, in a poll action to index.php, related to incorrect input sanitization in base/danneo.function.php. | 7.5 |
2009-09-09 | CVE-2009-3117 | Snowhall | SQL Injection vulnerability in Snowhall Silurus System 1.0 SQL injection vulnerability in category.php in Snow Hall Silurus System 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | 7.5 |
2009-09-09 | CVE-2009-3116 | Uiga | SQL Injection vulnerability in Uiga Church Portal SQL injection vulnerability in index.php in Uiga Church Portal allows remote attackers to execute arbitrary SQL commands via the year parameter in a calendar action. | 7.5 |
2009-09-09 | CVE-2009-3114 | IBM | Code Injection vulnerability in IBM Lotus Notes 8.5 The RSS reader widget in IBM Lotus Notes 8.0 and 8.5 saves items from an RSS feed as local HTML documents, which allows remote attackers to execute arbitrary script in Internet Explorer's Local Machine Zone via a crafted feed, aka SPR RGAU7RDJ9K. | 7.5 |
2009-09-09 | CVE-2008-7188 | Clip Share | Permissions, Privileges, and Access Controls vulnerability in Clip-Share Clipshare 2.6 ClipShare 2.6 does not properly restrict access to certain functionality, which allows remote attackers to change the profile of arbitrary users via a modified uid variable to siteadmin/useredit.php. | 7.5 |
2009-09-08 | CVE-2009-3088 | Linux IBM | Buffer Errors vulnerability in IBM Tivoli Directory Server 6.0 Heap-based buffer overflow in ibmdiradm in IBM Tivoli Directory Server (TDS) 6.0 on Linux allows remote attackers to have an unspecified impact via unknown vectors that trigger heap corruption, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. | 7.5 |
2009-09-08 | CVE-2009-2702 | KDE | Cryptographic Issues vulnerability in KDE Kdelibs 3.5.4/4.2.4/4.3 KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | 7.5 |
2009-09-08 | CVE-2008-7181 | Butterflymedia | Permissions, Privileges, and Access Controls vulnerability in Butterflymedia Butterfly Organizer 2.0.0 Butterfly Organizer 2.0.0 allows remote attackers to (1) delete arbitrary categories via a modified tablehere parameter to category-delete.php with the is_js_confirmed parameter set to 1, or (2) delete arbitrary accounts via the mytable parameter to delete.php. | 7.5 |
2009-09-08 | CVE-2008-7179 | Otmanager | Improper Authentication vulnerability in Otmanager CMS 2.4 OTManager CMS 2.4 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN_Hora, ADMIN_Logado, and ADMIN_Nome cookies to certain values, as reachable in Admin/index.php. | 7.5 |
2009-09-08 | CVE-2008-7178 | Xoops | Path Traversal vulnerability in Xoops Uploader 1.1 Directory traversal vulnerability in Uploader module 1.1 for XOOPS allows remote attackers to read arbitrary files via a .. | 7.5 |
2009-09-08 | CVE-2008-7172 | Yanick Bourbeau | Permissions, Privileges, and Access Controls vulnerability in Yanick Bourbeau Lightweight News Portal 1.0B Lightweight news portal (LNP) 1.0b does not properly restrict access to administrator functionality, which allows remote attackers to gain administrator privileges via direct requests to admin.php with the (1) potd_delete, (2) potd, (3) vote_update, (4) vote, or (5) modifynews actions. | 7.5 |
2009-09-08 | CVE-2008-7169 | Jabode Joomla | SQL Injection vulnerability in Jabode COM Jabode SQL injection vulnerability in Jabode horoscope extension (com_jabode) for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a sign task to index.php. | 7.5 |
2009-09-08 | CVE-2008-7167 | Sami Ekblad | Permissions, Privileges, and Access Controls vulnerability in Sami Ekblad Page Manager 20060204 Unrestricted file upload vulnerability in upload.php in Page Manager 2006-02-04 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. | 7.5 |
2009-09-10 | CVE-2009-2795 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Iphone OS Heap-based buffer overflow in the Recovery Mode component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allows local users to bypass the passcode requirement and access arbitrary data via vectors related to "command parsing." | 7.2 |
2009-09-08 | CVE-2009-3108 | Symantec | Permissions, Privileges, and Access Controls vulnerability in Symantec Altiris Deployment Solution The Aclient GUI in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 installs a client executable with insecure permissions (Everyone:Full Control), which allows local users to gain privileges by replacing the executable with a Trojan horse program. | 7.2 |
2009-09-10 | CVE-2009-3164 | SUN | Denial-Of-Service vulnerability in SUN Opensolaris and Solaris Unspecified vulnerability in the IPv6 networking stack in Sun Solaris 10, and OpenSolaris snv_01 through snv_82 and snv_111 through snv_122, when a Cassini GigaSwift Ethernet Adapter (aka CE) interface is used, allows remote attackers to cause a denial of service (panic) via vectors involving jumbo frames. | 7.1 |
75 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-09-11 | CVE-2008-7211 | Soundblaster Microsoft | Local Privilege Escalation vulnerability in Soundblaster Ensoniq PCI Es1371 WDM Driver 5.1.3612.0 CreativeLabs es1371mp.sys 5.1.3612.0 WDM audio driver, as used in Ensoniq PCI 1371 sound cards and when running on Windows Vista, does not create a Functional Device Object (FDO) to prevent user-moade access to the Physical Device Object (PDO), which allows local users to gain SYSTEM privileges via a crafted IRP request that dereferences a NULL FsContext pointer. | 6.9 |
2009-09-11 | CVE-2009-3182 | Anantasoft | Permissions, Privileges, and Access Controls vulnerability in Anantasoft Gazelle CMS 1.0 Unrestricted file upload vulnerability in admin/editor/filemanager/browser.html in Anantasoft Gazelle CMS 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in user/File/. | 6.8 |
2009-09-11 | CVE-2009-3173 | Theratstudios | Unspecified vulnerability in Theratstudios the RAT CMS 2 Unrestricted file upload vulnerability in admin/add_album.php in The Rat CMS Alpha 2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/. | 6.8 |
2009-09-11 | CVE-2009-2800 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted alias file. | 6.8 |
2009-09-11 | CVE-2008-7214 | Mambo Foundation Brilaps | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Cross-site request forgery (CSRF) vulnerability in administrator/index2.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add new administrator accounts via the save task in a com_users action, as demonstrated using a separate XSS vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php. | 6.8 |
2009-09-11 | CVE-2008-7208 | Insane Visions | SQL Injection vulnerability in Insane Visions Onecms Multiple SQL injection vulnerabilities in OneCMS 2.4, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) username parameter ($usernameb variable) to a_login.php or (2) user parameter to staff.php. | 6.8 |
2009-09-11 | CVE-2008-7204 | Virtuemart | Cross-Site Request Forgery (CSRF) vulnerability in Virtuemart Cross-site request forgery (CSRF) vulnerability in VirtueMart 1.0.13a and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 6.8 |
2009-09-10 | CVE-2009-2206 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS Multiple heap-based buffer overflows in the AudioCodecs library in the CoreAudio component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted (1) AAC or (2) MP3 file, as demonstrated by a ringtone with malformed entries in the sample size table. | 6.8 |
2009-09-09 | CVE-2009-2205 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products Stack-based buffer overflow in the Java Web Start command launcher in Java for Mac OS X 10.5 before Update 5 allows attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | 6.8 |
2009-09-09 | CVE-2008-7193 | Phpkit | Cross-Site Request Forgery (CSRF) vulnerability in PHPkit 1.6.4Pl1 PHPKIT 1.6.4 PL1 includes the session ID in the URL, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks by reading the PHPKITSID parameter from the HTTP Referer and using it in a request to (1) modify the user profile via upload_files/include.php or (2) create a new administrator via upload_files/pk/include.php. | 6.8 |
2009-09-09 | CVE-2008-7192 | Woltlab | Cross-Site Request Forgery (CSRF) vulnerability in Woltlab Burning Board 3.0.1 Cross-site request forgery (CSRF) vulnerability in index.php in WoltLab Burning Board (wBB) 3.0.1, and possibly other 3.x versions, allows remote attackers to hijack the authentication of users for requests that delete private messages via the pmID parameter in a delete action in a PM page, a different vulnerability than CVE-2008-0472. | 6.8 |
2009-09-08 | CVE-2008-7183 | Evacms | Code Injection vulnerability in Evacms EVA CMS 2.3.1 PHP remote file inclusion vulnerability in eva/index.php in EVA CMS 2.3.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the eva[caminho] parameter to index.php. | 6.8 |
2009-09-08 | CVE-2008-7176 | Celina Jorge | Path Traversal vulnerability in Celina Jorge Facil CMS 0.1 Multiple directory traversal vulnerabilities in Facil CMS 0.1RC allow remote attackers to read arbitrary files via a .. | 6.8 |
2009-09-09 | CVE-2009-3122 | Chris Shattuck Drupal | Permissions, Privileges, and Access Controls vulnerability in Chris Shattuck Ajaxtable 5.X1.Xdev The Ajax Table module 5.x for Drupal does not perform access control, which allows remote attackers to delete arbitrary users and nodes via unspecified vectors. | 6.4 |
2009-09-08 | CVE-2009-2701 | Zope | Unspecified vulnerability in Zope Zodb Unspecified vulnerability in the Zope Enterprise Objects (ZEO) storage-server functionality in Zope Object Database (ZODB) 3.8 before 3.8.3 and 3.9.x before 3.9.0c2, when certain ZEO database sharing and blob support are enabled, allows remote authenticated users to read or delete arbitrary files via unknown vectors. | 6.0 |
2009-09-11 | CVE-2008-7215 | Mambo Foundation Brilaps | Improper Input Validation vulnerability in multiple products The Image Manager in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to rename arbitrary files and cause a denial of service via modified file[NewFile][name], file[NewFile][tmp_name], and file[NewFile][size] parameters in a FileUpload command, which are used to modify equivalent variables in $_FILES that are accessed when the is_uploaded_file check fails. | 5.8 |
2009-09-10 | CVE-2008-7160 | Silcnet | USE of Externally-Controlled Format String vulnerability in Silcnet Silc Toolkit The silc_http_server_parse function in lib/silchttp/silchttpserver.c in the internal HTTP server in silcd in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.9 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted Content-Length header, related to incorrect use of a %lu format string. | 5.8 |
2009-09-10 | CVE-2008-7159 | Silcnet | USE of Externally-Controlled Format String vulnerability in Silcnet Silc Toolkit The silc_asn1_encoder function in lib/silcasn1/silcasn1_encode.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.8 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted OID value, related to incorrect use of a %lu format string. | 5.8 |
2009-09-08 | CVE-2009-3110 | Symantec | Race Condition vulnerability in Symantec Altiris Deployment Solution Race condition in the file transfer functionality in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 allows remote attackers to read sensitive files and prevent client updates by connecting to the file transfer port before the expected client does. | 5.8 |
2009-09-11 | CVE-2009-3181 | Anantasoft | Path Traversal vulnerability in Anantasoft Gazelle CMS 1.0 Directory traversal vulnerability in Anantasoft Gazelle CMS 1.0 allows remote attackers to overwrite arbitrary files via a .. | 5.0 |
2009-09-11 | CVE-2008-7212 | Mambo Foundation Brilaps | Permissions, Privileges, and Access Controls vulnerability in multiple products MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to obtain sensitive information via certain requests to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php, which reveals the installation path in an error message. | 5.0 |
2009-09-11 | CVE-2008-7203 | Valvesoftware | Resource Management Errors vulnerability in Valvesoftware Counter-Strike 1.6 Valve Software Half-Life Counter-Strike 1.6 allows remote attackers to cause a denial of service (crash) via multiple crafted login packets. | 5.0 |
2009-09-10 | CVE-2009-3078 | Mozilla | Improper Input Validation vulnerability in Mozilla Firefox Visual truncation vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to trigger a vertical scroll and spoof URLs via unspecified Unicode characters with a tall line-height property. | 5.0 |
2009-09-10 | CVE-2009-2797 | Apple Canonical | Information Exposure vulnerability in multiple products The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain sensitive information by reading Referer logs on a web server. | 5.0 |
2009-09-10 | CVE-2009-3151 | Ultrize | Path Traversal vulnerability in Ultrize Timesheet 1.2.2 Directory traversal vulnerability in actions/downloadFile.php in Ultrize TimeSheet 1.2.2 allows remote attackers to read arbitrary files via a .. | 5.0 |
2009-09-10 | CVE-2008-7199 | Phoenixcontact | Denial-Of-Service vulnerability in Fl Il 24 Bk-Pac Phoenix Contact FL IL 24 BK-PAC allows remote attackers to cause a denial of service (hang) via (1) unspecified manipulations as demonstrated by a Nessus scan or (2) malformed input to TCP port 502. | 5.0 |
2009-09-10 | CVE-2008-7195 | Fujitsu | Denial Of Service vulnerability in Fujitsu Interstage HTTP Server Unspecified vulnerability in Fujitsu Interstage HTTP Server, as used in Interstage Application Server Enterprise Edition 7.0.1 for Solaris, allows attackers to cause a denial of service via unknown vectors related to SSL. | 5.0 |
2009-09-10 | CVE-2008-7194 | Fujitsu | Denial Of Service vulnerability in Fujitsu Interstage HTTP Server Unspecified vulnerability in Fujitsu Interstage HTTP Server, as used in Interstage Application Server 5.0, 7.0, 7.0.1, and 8.0.0 for Windows, allows attackers to cause a denial of service via a crafted request. | 5.0 |
2009-09-09 | CVE-2009-3124 | Ipmotor | Path Traversal vulnerability in Ipmotor Quarkmail Directory traversal vulnerability in get_message.cgi in QuarkMail allows remote attackers to read arbitrary files via a .. | 5.0 |
2009-09-09 | CVE-2009-3123 | Visavi | Path Traversal vulnerability in Visavi Wap-Motor Directory traversal vulnerability in gallery/gallery.php in Wap-Motor before 18.1 allows remote attackers to read arbitrary files via a .. | 5.0 |
2009-09-09 | CVE-2009-3115 | Solarwinds | Improper Input Validation vulnerability in Solarwinds Tftp Server SolarWinds TFTP Server 9.2.0.111 and earlier allows remote attackers to cause a denial of service (service stop) via a crafted Option Acknowledgement (OACK) request. | 5.0 |
2009-09-09 | CVE-2009-3113 | Oxid | Unspecified vulnerability in Oxid Eshop Unspecified vulnerability in OXID eShop Professional, Enterprise, and Community Edition before 4.1.2, 3.x, and 2.x allows remote attackers to gain write access to product reviews via a crafted parameter. | 5.0 |
2009-09-09 | CVE-2009-3111 | Freeradius | Denial of Service vulnerability in FreeRADIUS Zero-length Tunnel-Password Attributes The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. | 5.0 |
2009-09-09 | CVE-2009-2266 | Oxid | Information Exposure vulnerability in Oxid Eshop OXID eShop 4.x before 4.1.4-21266, 3.x, and 2.x allows remote attackers to obtain sensitive information (session details and order history of other users) via a crafted cookie. | 5.0 |
2009-09-09 | CVE-2008-7191 | PPS Jussieu | Denial-Of-Service vulnerability in Polipo Unspecified vulnerability in Polipo before 1.0.4 allows remote attackers to cause a denial of service (crash) via a long request URL. | 5.0 |
2009-09-09 | CVE-2008-7187 | Coppermine Gallery | Information Exposure vulnerability in Coppermine-Gallery Coppermine Photo Gallery 1.4.14 Coppermine Photo Gallery (CPG) 1.4.14 allows remote attackers to obtain sensitive information via a direct request to include/slideshow.inc.php, which leaks the installation path in an error message. | 5.0 |
2009-09-09 | CVE-2008-7186 | Coppermine Gallery | Permissions, Privileges, and Access Controls vulnerability in Coppermine-Gallery Coppermine Photo Gallery 1.4.14 Coppermine Photo Gallery (CPG) 1.4.14 does not restrict access to update.php, which allows remote attackers to obtain sensitive information such as the database table prefix via a direct request. | 5.0 |
2009-09-08 | CVE-2009-3106 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.37 does not properly implement security constraints on the (1) doGet and (2) doTrace methods, which allows remote attackers to bypass intended access restrictions and obtain sensitive information via a crafted HTTP HEAD request to a Web Application. | 5.0 |
2009-09-08 | CVE-2009-3090 | IBM Linux | Denial-Of-Service vulnerability in IBM Tivoli Directory Server 6.0 Unspecified vulnerability in IBM Tivoli Directory Server (TDS) 6.0 on Linux allows remote attackers to cause a denial of service via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. | 5.0 |
2009-09-08 | CVE-2009-3087 | IBM Microsoft | Denial-Of-Service vulnerability in IBM Lotus Domino 8.0 Unspecified vulnerability in nserver.exe in the server in IBM Lotus Domino 8.0 on Windows Server 2003 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. | 5.0 |
2009-09-08 | CVE-2009-3086 | Rubyonrails | Information Exposure vulnerability in Rubyonrails Rails A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x before 2.3.4, leaks information about the complexity of message-digest signature verification in the cookie store, which might allow remote attackers to forge a digest via multiple attempts. | 5.0 |
2009-09-08 | CVE-2009-3085 | Pidgin | Denial of Service vulnerability in Pidgin Libpurple and Pidgin The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images. | 5.0 |
2009-09-08 | CVE-2009-3084 | Pidgin | Improper Input Validation vulnerability in Pidgin Libpurple and Pidgin The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to an uninitialized variable and the incorrect "UTF16-LE" charset name. | 5.0 |
2009-09-08 | CVE-2009-3083 | Pidgin | Buffer Errors vulnerability in Pidgin Libpurple and Pidgin The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite message that lacks certain required fields, as demonstrated by a malformed message from a KMess client. | 5.0 |
2009-09-08 | CVE-2009-2703 | Pidgin | Buffer Errors vulnerability in Pidgin Libpurple and Pidgin libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string. | 5.0 |
2009-09-08 | CVE-2008-7180 | Rittwick Banerjee | Improper Input Validation vulnerability in Rittwick Banerjee Telephone Directory 2008 del_query1.php in Telephone Directory 2008 allows remote attackers to delete arbitrary contacts via a direct request with a modified id variable. | 5.0 |
2009-09-08 | CVE-2009-3101 | SUN | Resource Management Errors vulnerability in SUN Opensolaris xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 10, and OpenSolaris snv_109 through snv_122, does not properly handle Trusted Extensions, which allows local users to cause a denial of service (CPU consumption and console hang) by locking the screen, related to a regression in certain Solaris and OpenSolaris patches. | 4.9 |
2009-09-10 | CVE-2009-2794 | Apple | Race Condition vulnerability in Apple Iphone OS The Exchange Support component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not properly implement the "Maximum inactivity time lock" functionality, which allows local users to bypass intended Microsoft Exchange restrictions by choosing a large Require Passcode time value. | 4.6 |
2009-09-08 | CVE-2009-2632 | CMU | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in CMU Cyrus Imap Server 2.2.13/2.3.14 Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error. | 4.4 |
2009-09-11 | CVE-2009-3171 | Anantasoft | Cross-Site Scripting vulnerability in Anantasoft Gazelle CMS Multiple cross-site scripting (XSS) vulnerabilities in Anantasoft Gazelle CMS 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user parameter to user.php or (2) lookup parameter to search.php. | 4.3 |
2009-09-11 | CVE-2009-3167 | Anantasoft | Path Traversal vulnerability in Anantasoft Gazelle CMS 1.0 Directory traversal vulnerability in index.php in Anantasoft Gazelle CMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. | 4.3 |
2009-09-11 | CVE-2008-7216 | Wordpress | Permissions, Privileges, and Access Controls vulnerability in Wordpress Peter'S Math Anti-Spam for Wordpress Peter's Math Anti-Spam Spinoff plugin for WordPress generates audio CAPTCHA clips by concatenating static audio files without any additional distortion, which allows remote attackers to bypass CAPTCHA protection by reading certain bytes from the generated clip. | 4.3 |
2009-09-11 | CVE-2008-7213 | Mambo Foundation Brilaps | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to inject arbitrary web script or HTML via the Command parameter. | 4.3 |
2009-09-11 | CVE-2008-7206 | Stefan Ritt | Cross-Site Scripting vulnerability in Stefan Ritt Elog web Logbook Unspecified vulnerability in Electronic Logbook (ELOG) before 2.7.2 has unknown impact and attack vectors when the "logbook contains HTML code," probably cross-site scripting (XSS). | 4.3 |
2009-09-11 | CVE-2008-7205 | Virtuemart | Improper Input Validation vulnerability in Virtuemart Unspecified vulnerability in the product view functionality in VirtueMart 1.0.13a and earlier allows remote attackers to read arbitrary files via vectors related to a template file. | 4.3 |
2009-09-10 | CVE-2009-3162 | Multi Website | Cross-Site Scripting vulnerability in Multi-Website Multi Website 1.5 Cross-site scripting (XSS) vulnerability in Multi Website 1.5 allows remote attackers to inject arbitrary web script or HTML via the search parameter in a search action to the default URI. | 4.3 |
2009-09-10 | CVE-2009-3155 | Joomla Almondsoft | Cross-Site Scripting vulnerability in Almondsoft COM Aclassf 7.5 Cross-site scripting (XSS) vulnerability in gmap.php in the Almond Classifieds (com_aclassf) component 7.5 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the addr parameter. | 4.3 |
2009-09-10 | CVE-2009-3153 | X10Media | Cross-Site Scripting vulnerability in X10Media MP3 Search Engine 1.6.5 Multiple cross-site scripting (XSS) vulnerabilities in x10 MP3 Search engine 1.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) pic_id parameter to includes/video_ad.php, (2) category parameter to linkvideos_listing.php, id parameter to (3) templates/header1.php and (4) mp3/lyrics.php, key parameter to (5) video_listing.php and (6) adult/video_listing.php, and name parameter to (7) mp3/embed.php and (8) mp3/info.php. | 4.3 |
2009-09-10 | CVE-2009-3152 | NT | Cross-Site Scripting vulnerability in NT BBS E-Market Multiple cross-site scripting (XSS) vulnerabilities in becommunity/community/index.php in NTSOFT BBS E-Market Professional allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) bt_code, and (3) b_no parameters in a board view action. | 4.3 |
2009-09-10 | CVE-2009-3149 | Curveriderhq | Path Traversal vulnerability in Curveriderhq Elgg 1.5 Directory traversal vulnerability in _css/js.php in Elgg 1.5, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. | 4.3 |
2009-09-10 | CVE-2009-3147 | Allenthusiast | Cross-Site Scripting vulnerability in Allenthusiast Reviewpost PHP PRO B3 Cross-site scripting (XSS) vulnerability in showproduct.php in ReviewPost Pro vB3 allows remote attackers to inject arbitrary web script or HTML via the date parameter. | 4.3 |
2009-09-10 | CVE-2009-3146 | Articlefriend | Cross-Site Scripting vulnerability in Articlefriend Script Cross-site scripting (XSS) vulnerability in search_advance.php in ArticleFriend Script allows remote attackers to inject arbitrary web script or HTML via the SearchWd parameter. | 4.3 |
2009-09-10 | CVE-2008-7202 | Openwebmail Acatysmoof | Cross-Site Scripting vulnerability in Openwebmail.Acatysmoof Openwebmail Multiple cross-site scripting (XSS) vulnerabilities in OpenWebMail before 2.53 (Stable) allow remote attackers to inject arbitrary web script or HTML via unknown vectors. | 4.3 |
2009-09-10 | CVE-2007-6729 | Zyxel | Cross-Site Scripting vulnerability in Zyxel P-330W Router Cross-site scripting (XSS) vulnerability in the web management interface in the ZyXEL P-330W router allows remote attackers to inject arbitrary web script or HTML via the pingstr parameter and other unspecified vectors. | 4.3 |
2009-09-09 | CVE-2009-3121 | Drupal Chris Shattuck | Cross-Site Scripting vulnerability in Chris Shattuck Ajaxtable 5.X1.Xdev Cross-site scripting (XSS) vulnerability in the Ajax Table module 5.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-09-09 | CVE-2009-3120 | Bigace | Cross-Site Scripting vulnerability in Bigace 2.6 Cross-site scripting (XSS) vulnerability in public/index.php in BIGACE Web CMS 2.6 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 4.3 |
2009-09-08 | CVE-2008-7185 | Gnome | Improper Input Validation vulnerability in Gnome Rhythmbox 0.11.5 GNOME Rhythmbox 0.11.5 allows remote attackers to cause a denial of service (segmentation fault and crash) via a playlist (.pls) file with a long Title field, possibly related to the g_hash_table_lookup function in b-playlist-manager.c. | 4.3 |
2009-09-08 | CVE-2008-7184 | Diigo | Cross-Site Scripting vulnerability in Diigo Toolbar and Diigolet Cross-site scripting (XSS) vulnerability in Diigo Toolbar and Diigolet allows remote attackers to inject arbitrary web script or HTML via a public comment. | 4.3 |
2009-09-08 | CVE-2009-3105 | IBM | Cross-Site Scripting vulnerability in IBM Domino web Access 8.0.1 Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 211.241 for Domino 8.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR EZEL7UURYC. | 4.3 |
2009-09-08 | CVE-2009-3104 | Symantec | Resource Management Errors vulnerability in Symantec products Unspecified vulnerability in Symantec Norton AntiVirus 2005 through 2008; Norton Internet Security 2005 through 2008; AntiVirus Corporate Edition 9.0 before MR7, 10.0, 10.1 before MR8, and 10.2 before MR3; and Client Security 2.0 before MR7, 3.0, and 3.1 before MR8; when Internet Email Scanning is installed and enabled, allows remote attackers to cause a denial of service (CPU consumption and persistent connection loss) via unknown attack vectors. | 4.3 |
2009-09-08 | CVE-2009-3009 | Rubyonrails | Cross-Site Scripting vulnerability in Rubyonrails Rails Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper. | 4.3 |
2009-09-08 | CVE-2008-7175 | Alex Rabe Wordpress | Cross-Site Scripting vulnerability in Alex Rabe Nextgen Gallery Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in NextGEN Gallery 0.96 and earlier plugin for Wordpress allows remote attackers to inject arbitrary web script or HTML via the picture description field in a page edit action. | 4.3 |
2009-09-08 | CVE-2008-7171 | Yanick Bourbeau | Cross-Site Scripting vulnerability in Yanick Bourbeau Lightweight News Portal 1.0B Multiple cross-site scripting (XSS) vulnerabilities in Lightweight news portal (LNP) 1.0b allow remote attackers to inject arbitrary web script or HTML via the (1) photo parameter to show_photo.php, (2) potd parameter to show_potd.php, or (3) the Current question field in a vote action to admin.php. | 4.3 |
2009-09-08 | CVE-2009-3100 | SUN X ORG | Denial-Of-Service vulnerability in OpenSolaris xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 9 and 10, OpenSolaris snv_109 through snv_122, and X11 6.4.1 on Solaris 8 does not properly handle Accessibility support, which allows local users to cause a denial of service (system hang) by locking the screen and then attempting to launch an Accessibility pop-up window, related to a regression in certain Solaris and OpenSolaris patches. | 4.0 |
2009-09-08 | CVE-2008-7182 | Netwin | Buffer Errors vulnerability in Netwin Surgemail 3.9E Buffer overflow in the IMAP service in NetWin Surgemail 3.9e, and possibly other versions before 3.9g2, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long first argument to the APPEND command, a different vector than CVE-2008-1497 and CVE-2008-1498. | 4.0 |
3 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-09-11 | CVE-2008-7207 | Rivetcode | Cryptographic Issues vulnerability in Rivetcode Rivettracker 0.1 RivetTracker before 1.0 stores passwords in cleartext in config.php, which allows local users to discover passwords by reading config.php. | 2.1 |
2009-09-10 | CVE-2009-2796 | Apple | Information Exposure vulnerability in Apple Iphone OS 3.0/3.0.1 The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for iPod touch, allows physically proximate attackers to discover a password by watching a user undo deletions of characters in the password. | 2.1 |
2009-09-10 | CVE-2009-2207 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS 3.0/3.0.1 The MobileMail component in Apple iPhone OS 3.0 and 3.0.1, and iPhone OS 3.0 for iPod touch, lists deleted e-mail messages in Spotlight search results, which might allow local users to obtain sensitive information by reading these messages. | 2.1 |