Weekly Vulnerabilities Report: September 14 to 20, 2009

Overview

125 new vulnerabilities were reported during this period, including 14 critical vulnerabilities and 30 high severity vulnerabilities. This weekly summary reports vulnerabilities in 102 products from 82 vendors including Apple, Oracle, Vtiger, JCE Tech, and Microsoft. The vulnerabilities notably fall into the categories "Cross-site Scripting", "SQL Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", and "Resource Management Errors".

  • 117 reported vulnerabilities are remotely exploitable.
  • 24 reported vulnerabilities have a public exploit available.
  • 59 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 110 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 10 reported vulnerabilities.
  • Vtiger has the most reported critical vulnerabilities, with 2 reported vulnerabilities.


Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:


14 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-09-18 CVE-2009-2741 IBM Remote Security vulnerability in WebSphere Business Events 6.1/6.2

Unspecified vulnerability in the wberuntimeear application in the test servlet in IBM WebSphere Business Events 6.1 and 6.2 allows remote attackers to execute arbitrary code via unknown vectors.

10.0
2009-09-14 CVE-2008-7232 Netplex Tech Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Netplex-Tech Xtacacsd

Buffer overflow in the report function in xtacacsd 4.1.2 and earlier allows remote attackers to execute arbitrary code via a crafted CONNECT TACACS command.

10.0
2009-09-14 CVE-2008-7230 Chris Buccella Remote Security vulnerability in Chris Buccella Small Footprint CIM Broker 1.2.2/1.2.3

Unspecified vulnerability in Small Footprint CIM Broker (SFCB) before 1.2.5 has unknown impact and attack vectors.

10.0
2009-09-14 CVE-2008-7228 White Dune Use of Externally-Controlled Format String vulnerability in White Dune White Dune

Multiple format string vulnerabilities in White_Dune before 0.29beta851 have unspecified impact and attack vectors, a different vulnerability than CVE-2008-0101.

10.0
2009-09-14 CVE-2008-7225 Foxitsoftware Buffer Errors vulnerability in Foxitsoftware WAC Server 2.0

Heap-based buffer overflow in Foxit Remote Access Server (aka WAC Server) 2.0 Build 3503 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SSH packets, a different vulnerability than CVE-2008-0151.

10.0
2009-09-18 CVE-2009-3254 Ultimatevideosite Buffer Errors vulnerability in Ultimatevideosite Ultimate Player 1.56

Multiple stack-based buffer overflows in Ultimate Player 1.56 beta allow remote attackers to execute arbitrary code via a long string in a (1) .m3u or (2) .upl playlist file.

9.3
2009-09-18 CVE-2009-3253 Tricerasoft Buffer Errors vulnerability in Tricerasoft Swift Ultralite 1.032

Stack-based buffer overflow in TriceraSoft Swift Ultralite 1.032 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long string in a .M3U playlist file.

9.3
2009-09-18 CVE-2009-3244 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player

Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe Shockwave Player 11.5.1.601 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PlayerVersion property value.

9.3
2009-09-16 CVE-2009-3221 Basicunivers Free FR Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Basicunivers.Free.Fr Audio LIB Player

Stack-based buffer overflow in Audio Lib Player (ALP) allows remote attackers to execute arbitrary code via a long URL in a .m3u playlist file.

9.3
2009-09-16 CVE-2009-3214 Photodex Buffer Errors vulnerability in Photodex Proshow Gold 4.0.2549

Multiple stack-based buffer overflows in Photodex ProShow Gold 4.0.2549 allow remote attackers to execute arbitrary code via a crafted Slideshow project (.psh) file, related to the (1) cell[n].images[m].image and (2) cell[n].sound.file fields.

9.3
2009-09-16 CVE-2009-3213 Broid Buffer Errors vulnerability in Broid 1.0

Stack-based buffer overflow in broid 1.0 Beta 3a allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .mp3 file.

9.3
2009-09-14 CVE-2008-7233 Oracle Multiple vulnerability in Oracle Application Server and E-Business Suite 11I

Unspecified vulnerability in the E-Business Application client, as used in Oracle Application Server 1.1.8.26 and E-Business Suite 11.5.10.2, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Oracle Jinitiator component, aka AS02.

9.3
2009-09-18 CVE-2009-3258 Vtiger Permissions, Privileges, and Access Controls vulnerability in Vtiger CRM

vtiger CRM before 5.1.0 allows remote authenticated users, with certain View privileges, to delete (1) attachments, (2) reports, (3) filters, (4) views, and (5) tickets; insert (6) attachments, (7) reports, (8) filters, (9) views, and (10) tickets; and edit (11) reports, (12) filters, (13) views, and (14) tickets via unspecified vectors.

9.0
2009-09-18 CVE-2009-3250 Vtiger Improper Input Validation vulnerability in Vtiger CRM 5.0.4

The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php.

9.0

30 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-09-18 CVE-2009-3241 Wireshark Multiple vulnerability in Wireshark 1.2.1

Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via malformed OPCUA Service CallRequest packets.

7.8
2009-09-14 CVE-2008-7224 Elinks Buffer Errors vulnerability in Elinks 0.11.1/0.11.11/0.11.2

Buffer overflow in entity_cache in ELinks before 0.11.4rc0 allows remote attackers to cause a denial of service (crash) via a crafted link.

7.8
2009-09-18 CVE-2009-3261 Livestreet Improper Authentication vulnerability in Livestreet 0.2

update/update_0.1.2_to_0.2.php in LiveStreet 0.2 does not require administrative authentication, which allows remote attackers to perform DROP TABLE operations via unspecified vectors.

7.5
2009-09-18 CVE-2009-3259 Thomas Cuchta SQL Injection vulnerability in Thomas Cuchta Rash 1.2.2

Multiple SQL injection vulnerabilities in RASH Quote Management System (RQMS) 1.2.2 allow remote attackers to execute arbitrary SQL commands via (1) the search parameter in a search action, (2) the quote parameter in a quote addition, or (3) a User_Name cookie in unspecified administrative actions.

7.5
2009-09-18 CVE-2009-3252 Dave Robinson SQL Injection vulnerability in Dave Robinson Rockbandcms 0.10

Multiple SQL injection vulnerabilities in news.php in Rock Band CMS 0.10 allow remote attackers to execute arbitrary SQL commands via the (1) year and (2) id parameters.

7.5
2009-09-18 CVE-2009-3249 Vtiger Path Traversal vulnerability in Vtiger CRM 5.0.4

Multiple directory traversal vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to include and execute arbitrary local files via a ..

7.5
2009-09-18 CVE-2009-3246 Mybuxscript SQL Injection vulnerability in Mybuxscript Pts-Bux

SQL injection vulnerability in spnews.php in MyBuxScript PTC-BUX allows remote attackers to execute arbitrary SQL commands via the id parameter in an spnews action to the default URI.

7.5
2009-09-17 CVE-2008-7240 Linuxwebshop Path Traversal vulnerability in Linuxwebshop PHP User Base 1.3

Directory traversal vulnerability in include/unverified.inc.php in Linux Web Shop (LWS) php User Base 1.3beta allows remote attackers to include and execute arbitrary local files via the template parameter.

7.5
2009-09-17 CVE-2009-3235 Dovecot Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Dovecot

Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.

7.5
2009-09-16 CVE-2009-3226 Almondsoft SQL Injection vulnerability in Almondsoft Affiliate Network Classifieds and Almond Classifieds

SQL injection vulnerability in index.php in AlmondSoft Almond Classifieds Ads Enterprise and Almond Affiliate Network Classifieds allows remote attackers to execute arbitrary SQL commands via the replid parameter in a manw_repl add_form action.

7.5
2009-09-16 CVE-2009-3224 68Classifieds / Classified Software SQL Injection vulnerability in Classified-Software Super MOD System

SQL injection vulnerability in index.php in Super Mod System, when using the 68 Classifieds 3.1 Core System, allows remote attackers to execute arbitrary SQL commands via the s parameter.

7.5
2009-09-16 CVE-2009-3220 Tecnick Code Injection vulnerability in Tecnick Aiocp 1.4.001

PHP remote file inclusion vulnerability in cp_html2txt.php in All In One Control Panel (AIOCP) 1.4.001 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

7.5
2009-09-16 CVE-2009-3217 Wiccle SQL Injection vulnerability in Wiccle Iwiccle 1.01

SQL injection vulnerability in the admin module in iWiccle 1.01 allows remote attackers to execute arbitrary SQL commands via the member_id parameter in an edit_user action to index.php.

7.5
2009-09-16 CVE-2009-3215 PHP Shop System / Joomla SQL Injection vulnerability in PHP-Shop-System Ixxo Cart

SQL injection vulnerability in IXXO Cart Standalone before 3.9.6.1, and the IXXO Cart component for Joomla! 1.0.x, allows remote attackers to execute arbitrary SQL commands via the parent parameter.

7.5
2009-09-16 CVE-2009-3209 Raizlabs SQL Injection vulnerability in Raizlabs PHP Email Manager 3.3.0

SQL injection vulnerability in remove.php in PHP eMail Manager 3.3.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.

7.5
2009-09-16 CVE-2009-3208 Prakashatma Mishra SQL Injection vulnerability in Prakashatma Mishra PHPfreebb 1.0

Multiple SQL injection vulnerabilities in phpfreeBB 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to permalink.php and (2) year parameter to index.php.

7.5
2009-09-16 CVE-2009-3205 Cbauthority SQL Injection vulnerability in Cbauthority

SQL injection vulnerability in main.php in CBAuthority allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_product action.

7.5
2009-09-16 CVE-2009-3203 Ajsquare SQL Injection vulnerability in Ajsquare AJ Auction Pro-Oopd 2.0

SQL injection vulnerability in store.php in AJ Auction Pro OOPD 2.x allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2009-09-15 CVE-2009-3165 Mozilla SQL Injection vulnerability in Mozilla Bugzilla

SQL injection vulnerability in the Bug.create WebService function in Bugzilla 2.23.4 through 3.0.8, 3.1.1 through 3.2.4, and 3.3.1 through 3.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters.

7.5
2009-09-15 CVE-2009-3125 Mozilla SQL Injection vulnerability in Mozilla Bugzilla

SQL injection vulnerability in the Bug.search WebService function in Bugzilla 3.3.2 through 3.4.1, and 3.5, allows remote attackers to execute arbitrary SQL commands via unspecified parameters.

7.5
2009-09-15 CVE-2009-2629 F5 / Debian / Fedoraproject Out-of-bounds Write vulnerability in multiple products

Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.

7.5
2009-09-15 CVE-2009-3193 Joomla / Uwix SQL Injection vulnerability in Uwix COM Digifolio 1.52

SQL injection vulnerability in the DigiFolio (com_digifolio) component 1.52 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a project action to index.php.

7.5
2009-09-15 CVE-2009-3190 PAD Site Scripts SQL Injection vulnerability in Pad-Site-Scripts PAD Site Scripts 3.6

Multiple SQL injection vulnerabilities in PAD Site Scripts 3.6 allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to list.php and (2) cat parameter to rss.php.

7.5
2009-09-15 CVE-2009-3188 David Frohlich Code Injection vulnerability in David Frohlich PHPsane 0.5.0

PHP remote file inclusion vulnerability in save.php in phpSANE 0.5.0 allows remote attackers to execute arbitrary PHP code via a URL in the file_save parameter.

7.5
2009-09-15 CVE-2009-3185 Comsenz SQL Injection vulnerability in Comsenz Crazy Star Plugin 2.0

SQL injection vulnerability in plugin.php in the Crazy Star plugin 2.0 for Discuz! allows remote authenticated users to execute arbitrary SQL commands via the fmid parameter in a view action.

7.5
2009-09-14 CVE-2008-7229 Greensql Permissions, Privileges, and Access Controls vulnerability in Greensql Firewall 0.9.2

GreenSQL Firewall (greensql-fw) before 0.9.2 allows remote attackers to bypass SQL injection protection via a crafted string, possibly involving an encoded space character (%20).

7.5
2009-09-14 CVE-2008-7226 PHP Nuke / Phpnuke SQL Injection vulnerability in PHP-Nuke Recipe Module 1.3/1.4

SQL injection vulnerability in index.php in the Recipes module 1.3, 1.4, and possibly other versions for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the recipeid parameter.

7.5
2009-09-17 CVE-2009-3233 Cameron Morland OS Command Injection vulnerability in Cameron Morland Changetrack 4.3

changetrack 4.3 allows local users to execute arbitrary commands via CRLF sequences and shell metacharacters in a filename in a directory that is checked by changetrack.

7.2
2009-09-14 CVE-2009-3183 SUN Buffer Errors vulnerability in SUN Opensolaris and Solaris

Heap-based buffer overflow in w in Sun Solaris 8 through 10, and OpenSolaris before snv_124, allows local users to gain privileges via unspecified vectors.

7.2
2009-09-14 CVE-2009-2807 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Heap-based buffer overflow in the USB backend in CUPS in Apple Mac OS X 10.5.8 allows local users to gain privileges via unspecified vectors.

7.2

75 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-09-18 CVE-2009-3255 Thomas Cuchta SQL Injection vulnerability in Thomas Cuchta Rash

SQL injection vulnerability in RASH Quote Management System (RQMS) 1.2.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter in an admin action to the default URI.

6.8
2009-09-18 CVE-2009-3248 Vtiger Cross-Site Request Forgery (CSRF) vulnerability in Vtiger CRM 5.0.4

Cross-site request forgery (CSRF) vulnerability in the RSS module in vtiger CRM 5.0.4 allows remote attackers to hijack the authentication of Admin users for requests that modify the news feed system via the rssurl parameter in a Save action to index.php.

6.8
2009-09-17 CVE-2008-7243 Modxcms Cross-Site Request Forgery (CSRF) vulnerability in Modxcms 0.9.6.1

Cross-site request forgery (CSRF) vulnerability in page 34 in MODx CMS 0.9.6.1 and 0.9.6.1p1 allows remote attackers to hijack the authentication of other users for requests that modify passwords via manager/index.php.

6.8
2009-09-17 CVE-2008-7241 Punbb Cross-Site Request Forgery (CSRF) vulnerability in Punbb

Cross-site request forgery (CSRF) vulnerability in PunBB before 1.2.17 allows remote attackers to hijack the authentication of unspecified users for requests related to a logout, probably a forced logout.

6.8
2009-09-16 CVE-2009-3219 THE Ghost Path Traversal vulnerability in The-Ghost AR web Content Manager 2.1

Directory traversal vulnerability in a.php in AR Web Content Manager (AWCM) 2.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a ..

6.8
2009-09-16 CVE-2009-3218 THE Ghost SQL Injection vulnerability in The-Ghost AR web Content Manager 2.1

SQL injection vulnerability in control/login.php in AR Web Content Manager (AWCM) 2.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.

6.8
2009-09-16 CVE-2009-3212 Dimofinf SQL Injection vulnerability in Dimofinf Infinity Script 2.0.5

SQL injection vulnerability in VivaPrograms Infinity Script 2.x.x, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username field.

6.8
2009-09-16 CVE-2009-3211 Dimofinf Path Traversal vulnerability in Dimofinf Infinity Script 2.0.5

Directory traversal vulnerability in VivaPrograms Infinity Script 2.x.x, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a ..

6.8
2009-09-16 CVE-2009-3207 Drupal / Drewish Permissions, Privileges, and Access Controls vulnerability in Drewish Imagecache

The ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10, a module for Drupal, when the private file system is used, does not properly perform access control for derivative images, which allows remote attackers to view arbitrary images via a request that specifies an image's filename.

6.8
2009-09-14 CVE-2009-2812 Apple Remote Code Execution vulnerability in Apple Mac OS X Launch Services

Launch Services in Apple Mac OS X 10.5.8 does not properly recognize an unsafe Uniform Type Identifier (UTI) in an exported document type in a downloaded application, which allows remote attackers to trigger the automatic opening of a file, and execute arbitrary code, via a crafted web site.

6.8
2009-09-14 CVE-2009-2811 Apple Code Injection vulnerability in Apple mac OS X and mac OS X Server

Incomplete blacklist vulnerability in Launch Services in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code via a .fileloc file, which does not trigger a "potentially unsafe" warning message in the Quarantine feature.

6.8
2009-09-14 CVE-2009-2809 Apple Code Injection vulnerability in Apple mac OS X and mac OS X Server

ImageIO in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PixarFilm encoded TIFF image, related to "multiple memory corruption issues."

6.8
2009-09-14 CVE-2009-2805 Apple Numeric Errors vulnerability in Apple mac OS X and mac OS X Server

Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JBIG2 stream in a PDF file, leading to a heap-based buffer overflow.

6.8
2009-09-14 CVE-2009-2804 Apple / Microsoft Numeric Errors vulnerability in Apple mac OS X, mac OS X Server and Safari

Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an image, leading to a heap-based buffer overflow.

6.8
2009-09-14 CVE-2009-2803 Apple Resource Management Errors vulnerability in Apple mac OS X and mac OS X Server

CarbonCore in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a file with a crafted resource fork.

6.8
2009-09-14 CVE-2008-7234 Oracle Unspecified vulnerability in Oracle Application Server 10.1.2.2/10.1.3.3

Unspecified vulnerability in the Oracle BPEL Worklist Application component in Oracle Application Server 10.1.2.2 and 10.1.3.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, aka AS03.

6.8
2009-09-14 CVE-2008-7221 Runcms Cross-Site Request Forgery (CSRF) vulnerability in Runcms 1.6.1

Cross-site request forgery (CSRF) vulnerability in RunCMS 1.6.1 allows remote attackers to hijack the authentication of administrators for requests that (1) add new administrators or (2) modify user profiles via a crafted request to system/admin.php.

6.8
2009-09-17 CVE-2009-3230 Postgresql Permissions, Privileges, and Access Controls vulnerability in Postgresql

The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges.

6.5
2009-09-16 CVE-2009-3223 Inoutscripts SQL Injection vulnerability in Inoutscripts Inout Adserver

SQL injection vulnerability in ppc-add-keywords.php in Inout Adserver allows remote authenticated users to execute arbitrary SQL commands via the id parameter.

6.5
2009-09-14 CVE-2009-2813 Samba / Apple / Fedoraproject Permissions, Privileges, and Access Controls vulnerability in multiple products

Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories.

6.0
2009-09-14 CVE-2008-7238 Oracle Multiple vulnerability in Oracle E-Business Suite 12.0.3

Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.3 allow (1) local users to affect confidentiality and integrity via unknown vectors related to the Mobile Application Server component (APP01); (2) remote attackers to affect confidentiality via unknown vectors related to the Oracle Applications Framework (APP03); remote authenticated users to affect confidentiality and integrity via unknown vectors related to the (3) CRM Technical Foundation (APP05) and (4) Oracle Application Object Library (APP06); and remote authenticated users to affect integrity and availability via unknown vectors related to (5) Oracle Applications Technology Stack (APP07).

6.0
2009-09-18 CVE-2009-3238 Linux / Canonical / Opensuse / Suse Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in multiple products

The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to "return the same value over and over again for long stretches of time."

5.5
2009-09-18 CVE-2009-3270 Microsoft Resource Exhaustion vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 7 through 7.0.6000.16711 allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821.

5.0
2009-09-18 CVE-2009-3269 Opera Resource Management Errors vulnerability in Opera Browser

Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a series of automatic submissions of a form containing a KEYGEN element, a related issue to CVE-2009-1828.

5.0
2009-09-18 CVE-2009-3268 Google Resource Management Errors vulnerability in Google Chrome

Google Chrome 1.0.154.48 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an automatically submitted form containing a KEYGEN element, a related issue to CVE-2009-1828.

5.0
2009-09-18 CVE-2009-3267 Microsoft Resource Exhaustion vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 through 6.0.2900.2180, and 7.0.6000.16711, allows remote attackers to cause a denial of service (CPU consumption) via an automatically submitted form containing a KEYGEN element, a related issue to CVE-2009-1828.

5.0
2009-09-18 CVE-2008-7246 Google Resource Management Errors vulnerability in Google Chrome

Google Chrome 0.2.149.29 and earlier allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821.

5.0
2009-09-18 CVE-2008-7245 Opera Resource Management Errors vulnerability in Opera Browser

Opera 9.52 and earlier allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821.

5.0
2009-09-18 CVE-2008-7244 Mozilla Resource Management Errors vulnerability in Mozilla Firefox

Mozilla Firefox 3.0.1 and earlier allows remote attackers to cause a denial of service (browser hang) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821.

5.0
2009-09-18 CVE-2009-3243 Wireshark / Microsoft Multiple vulnerability in Wireshark 1.2.0/1.2.1

Unspecified vulnerability in the TLS dissector in Wireshark 1.2.0 and 1.2.1, when running on Windows, allows remote attackers to cause a denial of service (application crash) via unknown vectors related to TLS 1.2 conversations.

5.0
2009-09-18 CVE-2009-3242 Wireshark Multiple vulnerability in Wireshark 1.2.0/1.2.1

Unspecified vulnerability in packet.c in the GSM A RR dissector in Wireshark 1.2.0 and 1.2.1 allows remote attackers to cause a denial of service (application crash) via unknown vectors related to "an uninitialized dissector handle," which triggers an assertion failure.

5.0
2009-09-15 CVE-2009-3166 Mozilla Credentials Management vulnerability in Mozilla Bugzilla 3.4/3.4.1

token.cgi in Bugzilla 3.4rc1 through 3.4.1 places a password in a URL at the beginning of a login session that occurs immediately after a password reset, which allows context-dependent attackers to discover passwords by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.

5.0
2009-09-15 CVE-2009-3199 Uebimiau Information Exposure vulnerability in Uebimiau 3.2.02.0

Uebimiau Webmail 3.2.0-2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database with usernames and password hashes via a direct request for system_admin/admin.ucf.

5.0
2009-09-14 CVE-2008-7239 Oracle Multiple vulnerability in Oracle E-Business Suite 11I 11.5.10.2

Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10.2 allow remote attackers to affect confidentiality via unknown vectors related to the (1) Oracle Application Object Library (APP02) and (2) Oracle Applications Manager (APP04).

5.0
2009-09-14 CVE-2008-7227 Geoserver Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Geoserver

PartialBufferOutputStream2 in GeoServer before 1.6.1 and 1.7.0-beta1 attempts to flush buffer contents even when it is handling an "in memory buffer," which prevents the reporting of a service exception, with unknown impact and attack vectors.

5.0
2009-09-17 CVE-2009-3234 Linux Buffer Errors vulnerability in Linux Kernel 2.6.31

Buffer overflow in the perf_copy_attr function in kernel/perf_counter.c in the Linux kernel 2.6.31-rc1 allows local users to cause a denial of service (crash) and execute arbitrary code via a "big size data" to the perf_counter_open system call.

4.9
2009-09-18 CVE-2009-2793 Netbsd Permissions, Privileges, and Access Controls vulnerability in Netbsd

The kernel in NetBSD, probably 5.0.1 and earlier, on x86 platforms does not properly handle a pre-commit failure of the iret instruction, which might allow local users to gain privileges via vectors related to a tempEIP pseudocode variable that is outside of the code-segment limits.

4.6
2009-09-18 CVE-2009-1883 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel 2.6.9

The z90crypt_unlocked_ioctl function in the z90crypt driver in the Linux kernel 2.6.9 does not perform a capability check for the Z90QUIESCE operation, which allows local users to leverage euid 0 privileges to force a driver outage.

4.4
2009-09-18 CVE-2009-3266 Opera Cross-Site Scripting vulnerability in Opera Browser

Opera before 10.01 does not properly restrict HTML in a (1) RSS or (2) Atom feed, which allows remote attackers to conduct cross-site scripting (XSS) attacks, and conduct cross-zone scripting attacks involving the Feed Subscription Page to read feeds or create feed subscriptions, via a crafted feed, related to the rendering of the application/rss+xml content type as "scripted content."

4.3
2009-09-18 CVE-2009-3265 Opera Cross-Site Scripting vulnerability in Opera Browser 10.00/9.0

Cross-site scripting (XSS) vulnerability in Opera 9 and 10 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml content type as "scripted content." NOTE: the vendor reportedly considers this behavior a "design feature," not a vulnerability.

4.3
2009-09-18 CVE-2009-3264 Google Permissions, Privileges, and Access Controls vulnerability in Google Chrome

The getSVGDocument method in Google Chrome before 3.0.195.21 omits an unspecified "access check," which allows remote web servers to bypass the Same Origin Policy and conduct cross-site scripting attacks via unknown vectors, related to a user's visit to a different web server that hosts an SVG document.

4.3
2009-09-18 CVE-2009-3263 Google Cross-Site Scripting vulnerability in Google Chrome

Cross-site scripting (XSS) vulnerability in Google Chrome 2.x and 3.x before 3.0.195.21 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml content type as XML "active content." Per http://www.securityfocus.com/archive/1/archive/1/506517/100/0/threaded VII.

4.3
2009-09-18 CVE-2009-3260 Livestreet Cross-Site Scripting vulnerability in Livestreet 0.2

Cross-site scripting (XSS) vulnerability in LiveStreet 0.2 allows remote attackers to inject arbitrary web script or HTML via the header of the topic in a comment.

4.3
2009-09-18 CVE-2009-3256 Livestreet Cross-Site Scripting vulnerability in Livestreet 0.2

Cross-site scripting (XSS) vulnerability in include/ajax/blogInfo.php in LiveStreet 0.2 allows remote attackers to inject arbitrary web script or HTML via the URI, as demonstrated by a SCRIPT element in an arbitrary parameter such as the asd parameter.

4.3
2009-09-18 CVE-2009-3247 Vtiger Cross-Site Scripting vulnerability in Vtiger CRM 5.0.4

Cross-site scripting (XSS) vulnerability in the Activities module in vtiger CRM 5.0.4 allows remote attackers to inject arbitrary web script or HTML via the action parameter to phprint.php.

4.3
2009-09-18 CVE-2009-3240 Ohwada / Xoops Cross-Site Scripting vulnerability in Ohwada Xf-Section 1.12A

Cross-site scripting (XSS) vulnerability in the Happy Linux XF-Section module 1.12a for XOOPS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-09-18 CVE-2009-2937 Intertwingly Cross-Site Scripting vulnerability in Intertwingly Planet and Planet Venus

Cross-site scripting (XSS) vulnerability in Planet 2.0 and Planet Venus allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IMG element in a feed.

4.3
2009-09-17 CVE-2008-7242 Modxcms Cross-Site Scripting vulnerability in Modxcms 0.9.6.1

Multiple cross-site scripting (XSS) vulnerabilities in MODx CMS 0.9.6.1 and 0.9.6.1p1 allow remote attackers to inject arbitrary web script or HTML via the (1) search, (2) "a," (3) messagesubject, and (4) messagebody parameters to certain pages as reachable from manager/index.php; (5) highlight, (6) id, (7) email, (8) name, and (9) parent parameters to index.php; and the (10) docgrp and (11) moreResultsPage parameters to index-ajax.php.

4.3
2009-09-17 CVE-2009-3237 Horde Cross-Site Scripting vulnerability in Horde products

Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; allow remote attackers to inject arbitrary web script or HTML via the (1) crafted number preferences that are not properly handled in the preference system (services/prefs.php), as demonstrated by the sidebar_width parameter; or (2) crafted unknown MIME "text parts" that are not properly handled in the MIME viewer library (config/mime_drivers.php).

4.3
2009-09-17 CVE-2009-3236 Horde Unspecified vulnerability in Horde Application Framework and Groupware

The form library in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; reuses temporary filenames during the upload process which allows remote attackers, with privileges to write to the address book, to overwrite arbitrary files and execute PHP code via crafted Horde_Form_Type_image form field elements.

4.3
2009-09-16 CVE-2009-3227 Almondsoft Cross-Site Scripting vulnerability in Almondsoft Affiliate Network Classifieds and Almond Classifieds

Cross-site scripting (XSS) vulnerability in index.php in AlmondSoft Almond Classifieds Ads Enterprise and Almond Affiliate Network Classifieds allows remote attackers to inject arbitrary web script or HTML via the city parameter in a search action.

4.3
2009-09-16 CVE-2009-3225 Almondsoft Cross-Site Scripting vulnerability in Almondsoft Almond Classifieds

Multiple cross-site scripting (XSS) vulnerabilities in AlmondSoft Almond Classifieds Wap and Pro, and possibly Almond Affiliate Network Classifieds, allow remote attackers to inject arbitrary web script or HTML via (1) the page parameter in a browse action to index.php or (2) the addr parameter to gmap.php.

4.3
2009-09-16 CVE-2009-3216 Wiccle Path Traversal vulnerability in Wiccle Iwiccle 1.01

Multiple directory traversal vulnerabilities in iWiccle 1.01, when magic_quotes_gpc is disabled, allow remote attackers to read arbitrary files via a ..

4.3
2009-09-16 CVE-2009-3204 Stivaforum Cross-Site Scripting vulnerability in Stivaforum Stiva Forum 1.0

Multiple cross-site scripting (XSS) vulnerabilities in Stiva Forum 1.0 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) demo.php and (2) forum.php, and the PATH_INFO to (3) include_forum.php.

4.3
2009-09-16 CVE-2009-3202 Uloki Cross-Site Scripting vulnerability in Uloki PHP Forum 2.1

Cross-site scripting (XSS) vulnerability in search.php in ULoKI PHP Forum 2.1 allows remote attackers to inject arbitrary web script or HTML via the term parameter.

4.3
2009-09-15 CVE-2009-3201 ROB Schultz Numeric Errors vulnerability in ROB Schultz Media Player Classic 6.4.9

Integer overflow in Media Player Classic 6.4.9 allows user-assisted remote attackers to cause a denial of service (application crash) via a MIDI file (.mid) with a malformed header, which triggers a buffer overflow, a different vulnerability than CVE-2007-4940.

4.3
2009-09-15 CVE-2009-2945 Stanford Credentials Management vulnerability in Stanford Webauth 3.5.5/3.6.0/3.6.1

weblogin/login.fcgi (aka the WebLogin login script) in Stanford University WebAuth 3.5.5, 3.6.0, and 3.6.1 places passwords in URLs in certain circumstances involving conversion of a POST request to a GET request, which allows context-dependent attackers to discover passwords by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.

4.3
2009-09-15 CVE-2009-3198 JCE Tech Cross-Site Scripting vulnerability in Jce-Tech Affiliate Master Datafeed Parser 2.0

Cross-site scripting (XSS) vulnerability in search.php in JCE-Tech Affiliate Master Datafeed Parser Script 2.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter.

4.3
2009-09-15 CVE-2009-3197 JCE Tech Cross-Site Scripting vulnerability in Jce-Tech PHP Calendars Script

Cross-site scripting (XSS) vulnerability in search.php in JCE-Tech PHP Calendars Script allows remote attackers to inject arbitrary web script or HTML via the search parameter.

4.3
2009-09-15 CVE-2009-3196 JCE Tech Cross-Site Scripting vulnerability in Jce-Tech PHP Video Script

Cross-site scripting (XSS) vulnerability in index.php in JCE-Tech PHP Video Script allows remote attackers to inject arbitrary web script or HTML via the key parameter.

4.3
2009-09-15 CVE-2009-3195 JCE Tech Cross-Site Scripting vulnerability in Jce-Tech Auction RSS Content Script 3.0

Multiple cross-site scripting (XSS) vulnerabilities in JCE-Tech Auction RSS Content Script 3.0 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) rss.php and (2) search.php.

4.3
2009-09-15 CVE-2009-3194 JCE Tech Cross-Site Scripting vulnerability in Jce-Tech Searchfeed Script

Cross-site scripting (XSS) vulnerability in index.php in JCE-Tech SearchFeed Script allows remote attackers to inject arbitrary web script or HTML via the search parameter.

4.3
2009-09-15 CVE-2009-3192 Linkorcms Cross-Site Scripting vulnerability in Linkorcms 1.1/1.2

Multiple cross-site scripting (XSS) vulnerabilities in index.php in LinkorCMS 1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the searchstr parameter in a search action; or the (2) nikname, (3) realname, (4) homepage, or (5) city parameter in a registration action.

4.3
2009-09-15 CVE-2009-3191 PAD Site Scripts Cross-Site Scripting vulnerability in Pad-Site-Scripts PAD Site Scripts 3.6

Multiple cross-site scripting (XSS) vulnerabilities in PAD Site Scripts 3.6 allow remote attackers to inject arbitrary web script or HTML via the cat parameter to (1) rss.php and (2) opml.php.

4.3
2009-09-15 CVE-2009-3189 Digioz Cross-Site Scripting vulnerability in Digioz Guestbook 1.7.2

Cross-site scripting (XSS) vulnerability in search.php in DigiOz Guestbook 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the search_term parameter.

4.3
2009-09-15 CVE-2009-3187 Standalonearcade Cross-Site Scripting vulnerability in Standalonearcade SAA 1.1

Cross-site scripting (XSS) vulnerability in gamelist.php in Stand Alone Arcade 1.1 allows remote attackers to inject arbitrary web script or HTML via the cat parameter.

4.3
2009-09-15 CVE-2009-3186 Videogirls Cross-Site Scripting vulnerability in Videogirls BIZ

Multiple cross-site scripting (XSS) vulnerabilities in VideoGirls BiZ allow remote attackers to inject arbitrary web script or HTML via the (1) t parameter to forum.php, (2) profile_name parameter to profile.php, and (3) p parameter to view.php.

4.3
2009-09-14 CVE-2009-2814 Apple Cross-Site Scripting vulnerability in Apple Mac OS X Server 10.5.8

Cross-site scripting (XSS) vulnerability in the Wiki Server in Apple Mac OS X 10.5.8 allows remote attackers to inject arbitrary web script or HTML via a search request containing data that does not use UTF-8 encoding.

4.3
2009-09-14 CVE-2008-7236 Oracle Unspecified vulnerability in Oracle Application Server 10.1.2.2/10.1.3.1

Unspecified vulnerability in the Oracle JDeveloper component in Oracle Application Server 10.1.2.2 and 10.1.3.1 allows remote attackers to affect integrity via unknown vectors, aka AS05.

4.3
2009-09-14 CVE-2008-7235 Oracle Unspecified vulnerability in Oracle Application Server and E-Business Suite

Unspecified vulnerability in the Oracle Forms component in Oracle Application Server 10.1.2.2 and E-Business Suite 12.0.3 allows remote attackers to affect integrity via unknown vectors, aka AS04.

4.3
2009-09-14 CVE-2008-7223 Linpha Cross-Site Scripting vulnerability in Linpha

Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via (1) ftp/index.php, (2) viewer.php, (3) functions/other.php, (4) include/left_menu.class.php, or (5) plugins/stats/stats_view.php.

4.3
2009-09-14 CVE-2008-7222 Runcms Cross-Site Scripting vulnerability in Runcms 1.6.1

Cross-site scripting (XSS) vulnerability in system/admin.php in RunCMS 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the rank_title parameter in a RankForumAdd action.

4.3
2009-09-18 CVE-2009-3251 Vtiger Permissions, Privileges, and Access Controls vulnerability in Vtiger CRM

include/utils/ListViewUtils.php in vtiger CRM before 5.1.0 allows remote authenticated users to bypass intended access restrictions and read the (1) visibility, (2) location, and (3) recurrence fields of a calendar via a custom view.

4.0
2009-09-17 CVE-2009-3229 Postgresql Multiple Security vulnerability in PostgreSQL

The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, and 8.2 before 8.2.14 allows remote authenticated users to cause a denial of service (backend shutdown) by "re-LOAD-ing" libraries from a certain plugins directory.

4.0
2009-09-14 CVE-2008-7237 Oracle Unspecified vulnerability in Oracle Application Server 10.1.2.2/9.0.4.3

Unspecified vulnerability in the Oracle Internet Directory component in Oracle Application Server 9.0.4.3 and 10.1.2.2 allows remote authenticated users to affect confidentiality via unknown vectors, aka AS06.

4.0

6 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-09-18 CVE-2009-3257 Vtiger Permissions, Privileges, and Access Controls vulnerability in Vtiger CRM

vtiger CRM before 5.1.0 allows remote authenticated users to bypass the permissions on the (1) Account Billing Address and (2) Shipping Address fields in a profile by creating a Sales Order (SO) associated with that profile.

3.6
2009-09-18 CVE-2009-3262 IBM Cross-Site Scripting vulnerability in IBM Tivoli Identity Manager 5.0.0.5

Cross-site scripting (XSS) vulnerability in the Self Service UI (SSUI) in IBM Tivoli Identity Manager (ITIM) 5.0.0.5 allows remote authenticated users to inject arbitrary web script or HTML via the last name field in a profile.

3.5
2009-09-16 CVE-2009-3210 Drupal, Joao Ventura Cross-Site Scripting vulnerability in Joao Ventura Print

Multiple cross-site scripting (XSS) vulnerabilities in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.8 and 6.x before 6.x-1.8, a module for Drupal, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2009-09-16 CVE-2009-3206 Drupal, Drewish Cross-Site Scripting vulnerability in Drewish Imagecache

Multiple cross-site scripting (XSS) vulnerabilities in the ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10, a module for Drupal, allow remote authenticated users, with "administer imagecache" permissions, to inject arbitrary web script or HTML via unspecified vectors.

3.5
2009-09-14 CVE-2008-7231 Meridio Cross-Site Scripting vulnerability in Meridio Document and Records Management 4.2

Cross-site scripting (XSS) vulnerability in Meridio Document and Records Management before 4.3 SR1 allows remote authenticated users to inject arbitrary web script or HTML via the Title field in a (1) document (subGeneralProps:dmpvDocTitle:PROP_W_title) or (2) container (subGeneralProps:dmpvContainerTitle:PROP_W_title).

3.5
2009-09-15 CVE-2009-2201 Apple Cryptographic Issues vulnerability in Apple Xsan 1.0/1.2/1.3

The screensharing feature in the Admin application in Apple Xsan before 2.2 places a cleartext username and password in a URL within an error dialog, which allows physically proximate attackers to obtain credentials by reading this dialog.

2.1