Weekly Vulnerabilities Reports > September 21 to 27, 2009

Overview

110 new vulnerabilities were reported during this period, including 16 critical vulnerabilities and 49 high severity vulnerabilities. This weekly summary reports vulnerabilities in 109 products from 86 vendors including Joomla, Drupal, Linux, Apple, and PHP. Notable vulnerability categories include "SQL Injection", "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Code Injection", and "Permissions, Privileges, and Access Controls".

  • 98 reported vulnerabilities are remotely exploitable.
  • 57 reported vulnerabilities have a public exploit available.
  • 49 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 107 reported vulnerabilities are exploitable by an anonymous user.
  • Joomla has the most reported vulnerabilities, with 10 reported vulnerabilities.
  • Drupal has the most reported critical vulnerabilities, with 5 reported vulnerabilities.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

16 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-09-24 CVE-2009-3354 Andrew Sterling Hanenkamp
Drupal
Multiple Unspecified vulnerability in Drupal REST API Module

Multiple unspecified vulnerabilities in the Rest API module for Drupal have unknown impact and attack vectors.

10.0
2009-09-24 CVE-2009-3353 Steve Lockwood
Drupal
Multiple Unspecified vulnerability in Drupal Node2Node Module

Multiple unspecified vulnerabilities in the Node2Node module for Drupal have unknown impact and attack vectors.

10.0
2009-09-24 CVE-2009-3352 Drupal
Roshan Shah
Multiple Unspecified vulnerability in Drupal 'Quota by Role' Module

Multiple unspecified vulnerabilities in the quota_by_role (Quota by role) module for Drupal have unknown impact and attack vectors.

10.0
2009-09-24 CVE-2009-3351 Drupal
Kristy Frey
Multiple Unspecified vulnerability in Drupal Node Browser Module 5.X1.1/5.X2.5

Multiple unspecified vulnerabilities in the Node Browser module for Drupal have unknown impact and attack vectors.

10.0
2009-09-24 CVE-2009-3350 Roshan Shah
Drupal
Multiple Unspecified vulnerability in Drupal Subdomain Manager Module

Multiple unspecified vulnerabilities in the Subdomain Manager module for Drupal have unknown impact and attack vectors.

10.0
2009-09-24 CVE-2009-3347 D Link Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in D-Link Dir-400

Buffer overflow on the D-Link DIR-400 wireless router allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.10 through 8.11.

10.0
2009-09-24 CVE-2009-3346 SAP Remote Security vulnerability in SAP Crystal Reports Server 2008

Unspecified vulnerability in SAP Crystal Reports Server 2008 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11.

10.0
2009-09-24 CVE-2009-3345 SAP Buffer Errors vulnerability in SAP Crystal Reports Server 2008

Heap-based buffer overflow in SAP Crystal Reports Server 2008 has unknown impact and attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11.

10.0
2009-09-24 CVE-2009-3341 Linksys Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linksys Wrt54Gl

Buffer overflow on the Linksys WRT54GL wireless router allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.10 through 8.11.

10.0
2009-09-25 CVE-2009-3429 Pirateradio Buffer Errors vulnerability in Pirateradio Destiny Media Player 1.61

Stack-based buffer overflow in Pirate Radio Destiny Media Player 1.61 allows remote attackers to execute arbitrary code via a long string in a .pls playlist file.

9.3
2009-09-25 CVE-2009-3428 Otbcode Buffer Errors vulnerability in Otbcode Easy Music Player 1.0.0.2

Stack-based buffer overflow in Easy Music Player 1.0.0.2 allows remote attackers to execute arbitrary code via a crafted .wav file.

9.3
2009-09-24 CVE-2009-2817 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes

Buffer overflow in Apple iTunes before 9.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .pls file.

9.3
2009-09-24 CVE-2009-3364 Ftpshell Buffer Errors vulnerability in Ftpshell 4.1

Stack-based buffer overflow in FTPShell Client 4.1 RC2 allows remote FTP servers to execute arbitrary code via a long response to a PASV command.

9.3
2009-09-24 CVE-2009-3338 Effectmatrix Buffer Errors vulnerability in Effectmatrix Magic Morph 1.95B

Stack-based buffer overflow in EffectMatrix (E.M.) Magic Morph 1.95b allows remote attackers to execute arbitrary code via a long string in a .mor file.

9.3
2009-09-23 CVE-2009-3329 Exeter Buffer Errors vulnerability in Exeter Winplot 1.25.0.1

Stack-based buffer overflow in Winplot 1.25.0.1 allows user-assisted remote attackers to execute arbitrary code via a crafted Plot2D (.wp2) file.

9.3
2009-09-21 CVE-2009-2140 GO OO Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Go-Oo

Multiple heap-based buffer overflows in cppcanvas/source/mtfrenderer/emfplus.cxx in Go-oo 2.x and 3.x before 3.0.1, previously named ooo-build and related to OpenOffice.org (OOo), allow remote attackers to execute arbitrary code via a crafted EMF+ file, a similar issue to CVE-2008-2238.

9.3

49 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-09-24 CVE-2009-3369 Craig Barratt Permissions, Privileges, and Access Controls vulnerability in Craig Barratt Backuppc 3.1.0

CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in use in a multi-user environment, does not restrict users from the ClientNameAlias function, which allows remote authenticated users to read and write sensitive files by modifying ClientNameAlias to match another system, then initiating a backup or restore.

8.5
2009-09-24 CVE-2009-2680 HP Remote Management Interface Privilege Escalation vulnerability in HP StorageWorks Products

Unspecified vulnerability in the Remote Management Interface (RMI) for MSL Tape Libraries and 1/8 G2 Tape Autoloaders in HP StorageWorks 1/8 G2 Tape Autoloader firmware 2.30 and earlier, MSL2024 Tape Library firmware 4.20 and earlier, MSL4048 Tape Library firmware 6.50 and earlier, and MSL8096 Tape Library firmware 8.90 and earlier allows remote attackers to cause a denial of service via unknown vectors.

8.5
2009-09-24 CVE-2009-3339 Mcafee Remote Security vulnerability in Mcafee Email and web Security Appliance 5.1

Unspecified vulnerability in McAfee Email and Web Security Appliance 5.1 VMtrial allows remote attackers to read arbitrary files via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.9 through 8.11.

7.8
2009-09-23 CVE-2009-3322 Siemens Denial of Service vulnerability in Siemens Gigaset SE361 WLAN Data Flood

The Siemens Gigaset SE361 WLAN router allows remote attackers to cause a denial of service (device reboot) via a flood of crafted TCP packets to port 1723.

7.8
2009-09-21 CVE-2009-3280 Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel

Integer signedness error in the find_ie function in net/wireless/scan.c in the cfg80211 subsystem in the Linux kernel before 2.6.31.1-rc1 allows remote attackers to cause a denial of service (soft lockup) via malformed packets.

7.8
2009-09-21 CVE-2009-2744 IBM Unspecified vulnerability in IBM Websphere Application Server

Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27 allows remote attackers to cause a denial of service via unknown vectors, related to "an error in fixpacks 6.1.0.23 and 6.1.0.25."

7.8
2009-09-25 CVE-2009-3430 Allomani SQL Injection vulnerability in Allomani Mobile 2.5

SQL injection vulnerability in login.php in Allomani Mobile 2.5 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action.

7.5
2009-09-25 CVE-2009-3419 Intesync SQL Injection vulnerability in Intesync Miniweb 2.0

SQL injection vulnerability in index.php in the Publisher module 2.0 for Miniweb allows remote attackers to execute arbitrary SQL commands via the historymonth parameter.

7.5
2009-09-25 CVE-2009-3417 Idojoomla
Joomla
SQL Injection vulnerability in Idojoomla COM Idoblog 1.1

SQL injection vulnerability in the IDoBlog (com_idoblog) component 1.1 build 30 for Joomla! allows remote attackers to execute arbitrary SQL commands via the userid parameter in a profile action to index.php, a different vector than CVE-2008-2627.

7.5
2009-09-24 CVE-2009-3365 Traza Code Injection vulnerability in Traza Aurora 1.0.2

PHP remote file inclusion vulnerability in add-ons/modules/sysmanager/plugins/install.plugin.php in Aurora CMS 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the AURORA_MODULES_FOLDER parameter.

7.5
2009-09-24 CVE-2009-3362 Sznews Code Injection vulnerability in Sznews 2.7

PHP remote file inclusion vulnerability in printnews.php3 in SZNews 2.7 allows remote attackers to execute arbitrary PHP code via a URL in the id parameter.

7.5
2009-09-24 CVE-2009-3361 Paul Gibbs SQL Injection vulnerability in Paul Gibbs PHP-Ipnmonitor

SQL injection vulnerability in index.php in PHP-IPNMonitor allows remote attackers to execute arbitrary SQL commands via the maincat_id parameter.

7.5
2009-09-24 CVE-2009-3358 Tourismscripts SQL Injection vulnerability in Tourismscripts Adult Portal Escort Listing

SQL injection vulnerability in profile.php in Tourism Scripts Adult Portal escort listing allows remote attackers to execute arbitrary SQL commands via the user_id parameter.

7.5
2009-09-24 CVE-2009-3357 Joomla
Joomlahbs
SQL Injection vulnerability in Joomlahbs COM Hbssearch

Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) h_id, (2) id, and (3) rid parameters to longDesc.php, and the h_id parameter to (4) detail.php, (5) detail1.php, (6) detail2.php, (7) detail3.php, (8) detail4.php, (9) detail5.php, (10) detail6.php, (11) detail7.php, and (12) detail8.php, different vectors than CVE-2008-5865, CVE-2008-5874, and CVE-2008-5875.

7.5
2009-09-24 CVE-2009-3356 Plohni SQL Injection vulnerability in Plohni Image Voting 1.0

SQL injection vulnerability in index.php in Image voting 1.0 allows remote attackers to execute arbitrary SQL commands via the show parameter.

7.5
2009-09-24 CVE-2009-3349 Datavore SQL Injection vulnerability in Datavore Gyro 5.0

SQL injection vulnerability in Datavore Gyro 5.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter in a cat action to the home component.

7.5
2009-09-24 CVE-2009-3343 Hotwebscripts SQL Injection vulnerability in Hotwebscripts Hotweb Rentals

SQL injection vulnerability in details.asp in HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PropId parameter.

7.5
2009-09-24 CVE-2009-3342 Joomla
Alphaplug
SQL Injection vulnerability in Alphaplug COM Alphauserpoints 1.5.2

SQL injection vulnerability in frontend/assets/ajax/checkusername.php in the AlphaUserPoints (com_alphauserpoints) component 1.5.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the username2points parameter.

7.5
2009-09-24 CVE-2009-3337 S9Y SQL Injection vulnerability in S9Y Serendipity Event Freetag

SQL injection vulnerability in the Freetag (serendipity_event_freetag) plugin before 3.09 for Serendipity (S9Y) allows remote attackers to execute arbitrary SQL commands via an unspecified parameter associated with Meta keywords in a blog entry.

7.5
2009-09-24 CVE-2009-3336 Phpprobid SQL Injection vulnerability in PHPprobid PHP PRO BID

SQL injection vulnerability in auction_details.php in PHP Pro Bid allows remote attackers to execute arbitrary SQL commands via the auction_id parameter.

7.5
2009-09-24 CVE-2009-3335 Joomla
Turtus
SQL Injection vulnerability in Turtus Turtushout 0.11

SQL injection vulnerability in the TurtuShout component 0.11 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Name field.

7.5
2009-09-23 CVE-2009-3334 Lhacky
Joomla
SQL Injection vulnerability in Lhacky COM Jinc 0.2

SQL injection vulnerability in the Lhacky! Extensions Cave Joomla! Integrated Newsletters Component (aka JINC or com_jinc) component 0.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a messages action to index.php.

7.5
2009-09-23 CVE-2009-3333 Mambo
Alibasta
Code Injection vulnerability in Alibasta COM Koesubmit 1.0

PHP remote file inclusion vulnerability in koesubmit.php in the koeSubmit (com_koesubmit) component 1.0 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

7.5
2009-09-23 CVE-2009-3332 Sopinet
Joomla
SQL Injection vulnerability in Sopinet COM Jbudgetsmagic 0.3.2/0.4.0

SQL injection vulnerability in the JBudgetsMagic (com_jbudgetsmagic) component 0.3.2 through 0.4.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the bid parameter in a mybudget action to index.php.

7.5
2009-09-23 CVE-2009-3331 Ddlcms Code Injection vulnerability in Ddlcms DDL CMS 1.0

Multiple PHP remote file inclusion vulnerabilities in DDL CMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the wwwRoot parameter to (1) header.php, (2) submit.php, (3) submitted.php, and (4) autosubmitter/index.php.

7.5
2009-09-23 CVE-2009-3327 Webilix SQL Injection vulnerability in Webilix Wx-Guestbook 1.1.208

Multiple SQL injection vulnerabilities in WX-Guestbook 1.1.208 allow remote attackers to execute arbitrary SQL commands via the (1) QUERY parameter to search.php and (2) USERNAME parameter to login.php.

7.5
2009-09-23 CVE-2009-3326 Cmscontrol SQL Injection vulnerability in Cmscontrol 7

SQL injection vulnerability in index.php in CMScontrol Content Management System 7.x allows remote attackers to execute arbitrary SQL commands via the id_menu parameter.

7.5
2009-09-23 CVE-2009-3325 Focusdev
Joomla
SQL Injection vulnerability in Focusdev COM Surveymanager 1.5.0

SQL injection vulnerability in the Focusplus Developments Survey Manager (com_surveymanager) component 1.5.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the stype parameter in an editsurvey action to index.php.

7.5
2009-09-23 CVE-2009-3324 Andres G Aragoneses Code Injection vulnerability in Andres G Aragoneses Prodler 1.1

PHP remote file inclusion vulnerability in include/prodler.class.php in ProdLer 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sPath parameter.

7.5
2009-09-23 CVE-2009-3323 Robig Code Injection vulnerability in Robig Barosmini 0.32.595

Multiple PHP remote file inclusion vulnerabilities in BAnner ROtation System mini (BAROSmini) 0.32.595 allow remote attackers to execute arbitrary PHP code via a URL in the baros_path parameter to (1) include/common_functions.php, and the main_path parameter to (2) lib_users.php, (3) lib_stats.php, and (4) lib_slots.php in include/lib/.

7.5
2009-09-23 CVE-2009-3319 Dimofinf SQL Injection vulnerability in Dimofinf Dawaween 1.03

SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 allows remote attackers to execute arbitrary SQL commands via the id parameter in a sec list action, a different vector than CVE-2006-1018.

7.5
2009-09-23 CVE-2009-3318 Joomla
Breedveld
Path Traversal vulnerability in Breedveld COM Album 1.14

Directory traversal vulnerability in the Roland Breedveld Album (com_album) component 1.14 for Joomla! allows remote attackers to access arbitrary directories and have unspecified other impact via a ..

7.5
2009-09-23 CVE-2009-3317 Thecodeweasel Code Injection vulnerability in Thecodeweasel Opensiteadmin 0.9.7

PHP remote file inclusion vulnerability in pages/pageHeader.php in OpenSiteAdmin 0.9.7 BETA allows remote attackers to execute arbitrary PHP code via a URL in the path parameter, a different vector than CVE-2008-0648.

7.5
2009-09-23 CVE-2009-3316 Joomla
Jforjoomla
SQL Injection vulnerability in Jforjoomla COM Jreservation 1.0/1.5

SQL injection vulnerability in the JReservation (com_jreservation) component 1.0 and 1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a propertycpanel action to index.php.

7.5
2009-09-23 CVE-2009-3315 Nelogic SQL Injection vulnerability in Nelogic Nephp Publisher 3.5.9/4.5

SQL injection vulnerability in admin/index.php in NeLogic Nephp Publisher Enterprise 3.5.9 and 4.5 allows remote attackers to execute arbitrary SQL commands via the Username field.

7.5
2009-09-23 CVE-2009-3314 Eliteladders SQL Injection vulnerability in Eliteladders Elite Gaming Ladders 3.2

SQL injection vulnerability in ladders.php in Elite Gaming Ladders 3.2 allows remote attackers to execute arbitrary SQL commands via the platform parameter.

7.5
2009-09-23 CVE-2009-3310 Shalwan SQL Injection vulnerability in Shalwan Zainu 1.0

SQL injection vulnerability in index.php in Zainu 1.0 allows remote attackers to execute arbitrary SQL commands via the album_id parameter in an AlbumSongs action.

7.5
2009-09-23 CVE-2009-3309 Cfshopkart SQL Injection vulnerability in Cfshopkart CF Shopkart 5.4

SQL injection vulnerability in index.cfm in CF ShopKart 5.4 beta allows remote attackers to execute arbitrary SQL commands via the itemid parameter in a ViewDetails action, a different vector than CVE-2008-6320.

7.5
2009-09-23 CVE-2009-3308 Fanupdate SQL Injection vulnerability in Fanupdate 2.2.1

SQL injection vulnerability in show-cat.php in FanUpdate 2.2.1 allows remote attackers to execute arbitrary SQL commands via the listingid parameter.

7.5
2009-09-23 CVE-2009-3307 Frank Lichtenheld Code Injection vulnerability in Frank Lichtenheld Fsphp 0.2.1

Multiple PHP remote file inclusion vulnerabilities in FSphp 0.2.1 allow remote attackers to execute arbitrary PHP code via a URL in the FSPHP_LIB parameter to (1) FSphp.php, (2) navigation.php, and (3) pathwrite.php in lib/.

7.5
2009-09-23 CVE-2009-3306 Richrumble Code Injection vulnerability in Richrumble Clearsite 4.50

PHP remote file inclusion vulnerability in include/header.php in ClearSite 4.50 allows remote attackers to execute arbitrary PHP code via a URL in the cs_base_path parameter.

7.5
2009-09-22 CVE-2009-3293 PHP Unspecified vulnerability in PHP

Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect "sanity check for the color index."

7.5
2009-09-22 CVE-2009-3292 PHP Unspecified vulnerability in PHP

Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attack vectors related to "missing sanity checks around exif processing."

7.5
2009-09-22 CVE-2009-3291 PHP Improper Input Validation vulnerability in PHP

The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates.

7.5
2009-09-22 CVE-2009-3287 Macournoyer Improper Input Validation vulnerability in Macournoyer Thin

lib/thin/connection.rb in Thin web server before 1.2.4 relies on the X-Forwarded-For header to determine the IP address of the client, which allows remote attackers to spoof the IP address and hide activities via a modified X-Forwarded-For header.

7.5
2009-09-21 CVE-2009-3273 Apple Cryptographic Issues vulnerability in Apple Iphone OS

iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL e-mail servers via a crafted certificate.

7.5
2009-09-24 CVE-2009-3390 SUN Local Security vulnerability in OpenSolaris

Multiple unspecified vulnerabilities in the (1) iscsiadm and (2) iscsitadm programs in Sun Solaris 10, and OpenSolaris snv_28 through snv_109, allow local users with certain RBAC execution profiles to gain privileges via unknown vectors related to the libima library.

7.2
2009-09-24 CVE-2009-2682 HP Permissions, Privileges, and Access Controls vulnerability in HP Hp-Ux B.11.23/B.11.31

Unspecified vulnerability in Role-Based Access Control (RBAC) in HP HP-UX B.11.23 and B.11.31 allows local users to bypass intended access restrictions via unknown vectors.

7.2
2009-09-22 CVE-2009-3290 Linux Resource Management Errors vulnerability in Linux Kernel

The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVM in the Linux kernel 2.6.25-rc1, and other versions before 2.6.31, when running on x86 systems, does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service (guest kernel crash) and read or write guest kernel memory via unspecified "random addresses."

7.2

44 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-09-21 CVE-2009-2939 Postfix
Debian
Ubuntu
Link Following vulnerability in Postfix 2.5.5

The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files.

6.9
2009-09-25 CVE-2009-3426 Databay Code Injection vulnerability in Databay Maxcms 3.11.20B

PHP remote file inclusion vulnerability in includes/file_manager/special.php in MaxCMS 3.11.20b allows remote attackers to execute arbitrary PHP code via a URL in the fm_includes_special parameter.

6.8
2009-09-25 CVE-2009-3424 Databay Code Injection vulnerability in Databay Maxcms 3.11.20B

Multiple PHP remote file inclusion vulnerabilities in MaxCMS 3.11.20b, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) is_projectPath parameter to includes/InstantSite/inc.is_root.php; GLOBALS[thCMS_root] parameter to (2) classes/class.Tree.php, (3) includes/inc.thcms_admin_mediamanager.php, and (4) modul/mod.rssreader.php; is_path parameter to (5) class.tasklist.php, (6) class.thcms.php, (7) class.thcms_content.php, (8) class.thcms_modul_parent.php, (9) class.thcms_page.php, and (10) class.thcsm_user.php in classes/; and (11) includes/InstantSite/class.Tree.php; and thCMS_root parameter to (12) classes/class.thcms_modul.php; (13) inc.page_edit_tasklist.php, (14) inc.thcms_admin_overview_backup.php, and (15) inc.thcms_edit_content.php in includes/; and (16) class.thcms_modul_parent_xml.php, (17) mod.cmstranslator.php, (18) mod.download.php, (19) mod.faq.php, (20) mod.guestbook.php, (21) mod.html.php, (22) mod.menu.php, (23) mod.news.php, (24) mod.newsticker.php, (25) mod.rss.php, (26) mod.search.php, (27) mod.sendtofriend.php, (28) mod.sitemap.php, (29) mod.tagdoc.php, (30) mod.template.php, (31) mod.test.php, (32) mod.text.php, (33) mod.upload.php, and (34) mod.users.php in modul/.

6.8
2009-09-25 CVE-2009-3423 Zenas Improper Authentication vulnerability in Zenas Paolink 1.0

login.php in Zenas PaoLink 1.0, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1.

6.8
2009-09-25 CVE-2009-3422 Zenas Improper Authentication vulnerability in Zenas Paoliber 1.1

login.php in Zenas PaoLiber 1.1, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1.

6.8
2009-09-25 CVE-2009-3421 Zenas Permissions, Privileges, and Access Controls vulnerability in Zenas Pao-Bacheca Guestbook 2.1

login.php in Zenas PaoBacheca Guestbook 2.1, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1.

6.8
2009-09-23 CVE-2009-3330 Cpecreator SQL Injection vulnerability in Cpecreator CP Creator 2.7.1

SQL injection vulnerability in index.php in cP Creator 2.7.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the tickets parameter in a support ticket action.

6.8
2009-09-23 CVE-2009-3321 Saphplesson SQL Injection vulnerability in Saphplesson 4.3

SQL injection vulnerability in SaphpLesson 4.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the CLIENT_IP HTTP header.

6.8
2009-09-23 CVE-2009-3312 Tomex Code Injection vulnerability in Tomex PHPpollscript

PHP remote file inclusion vulnerability in php/init.poll.php in phpPollScript 1.3 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a crafted URL in the include_class parameter.

6.8
2009-09-25 CVE-2009-3418 Plume CMS SQL Injection vulnerability in Plume-Cms Plume CMS 1.2.3

Multiple SQL injection vulnerabilities in Plume CMS 1.2.3 allow (1) remote authenticated users to execute arbitrary SQL commands via the m parameter to manager/index.php and (2) remote authenticated administrators to execute arbitrary SQL commands via the id parameter in an edit_link action to manager/tools.php.

6.5
2009-09-23 CVE-2009-3313 Fmyclone SQL Injection vulnerability in Fmyclone 2.3

Multiple SQL injection vulnerabilities in FMyClone 2.3 allow remote attackers to execute arbitrary SQL commands via the comp parameter to (1) index.php and (2) editComments.php, and (3) allow remote authenticated administrators to execute arbitrary SQL commands via the id parameter in a comment action to edit.php.

6.5
2009-09-21 CVE-2009-3200 Qnap Cryptographic Issues vulnerability in Qnap Ts-239 PRO Turbo NAS and Ts-639 PRO Turbo NAS

The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 create an undocumented recovery key and store it in the ENCK variable in flash memory, which allows local users to bypass the passphrase requirement and decrypt the hard drive by reading this variable, deobfuscating the key, and running a cryptsetup luksOpen command.

5.9
2009-09-25 CVE-2009-3431 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Stack consumption vulnerability in Adobe Reader and Acrobat 9.1.3, 9.1.2, 9.1.1, and earlier 9.x versions; 8.1.6 and earlier 8.x versions; and possibly 7.1.4 and earlier 7.x versions allows remote attackers to cause a denial of service (application crash) via a PDF file with a large number of [ (open square bracket) characters in the argument to the alert method.

5.0
2009-09-25 CVE-2009-3425 Databay Path Traversal vulnerability in Databay Maxcms 3.11.20B

Directory traversal vulnerability in includes/inc.thcms_admin_dirtree.php in MaxCMS 3.11.20b allows remote attackers to read arbitrary files via directory traversal sequences in the thCMS_root parameter.

5.0
2009-09-24 CVE-2009-3366 Plohni Path Traversal vulnerability in Plohni AN Image Gallery 1.0

Directory traversal vulnerability in navigation.php in An image gallery 1.0 allows remote attackers to list arbitrary directories via a ..

5.0
2009-09-24 CVE-2009-3344 Microsoft
SAP
Remote vulnerability in SAP Crystal Reports Server 2008

Unspecified vulnerability in SAP Crystal Reports Server 2008 on Windows XP allows attackers to cause a denial of service (infinite loop) via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11.

5.0
2009-09-24 CVE-2009-3340 Freesshd Denial-Of-Service vulnerability in Freesshd 1.2.4

Unspecified vulnerability in FreeSSHD 1.2.4 allows remote attackers to cause a denial of service via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.

5.0
2009-09-22 CVE-2009-3294 PHP
Microsoft
Use of Externally-Controlled Format String vulnerability in PHP

The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11 and 5.3.x before 5.3.1, when running on certain Windows operating systems, allows context-dependent attackers to cause a denial of service (crash) via a crafted (1) "e" or (2) "er" string in the second argument (aka mode), possibly related to the _fdopen function in the Microsoft C runtime library.

5.0
2009-09-22 CVE-2009-3284 Phpspot Path Traversal vulnerability in PHPspot products

Directory traversal vulnerability in phpspot PHP BBS, PHP Image Capture BBS, PHP & CSS BBS, PHP BBS CE, PHP_RSS_Builder, and webshot, dated before 20090914, allows remote attackers to read arbitrary files via unspecified vectors.

5.0
2009-09-21 CVE-2009-3277 Xenu BY Denial-Of-Service vulnerability in Datavault

DataVault.Tesla/Impl/TypeSystem/AssociationHelper.cs in datavault allows context-dependent attackers to cause a denial of service (CPU consumption) via an input string composed of an [ (open bracket) followed by many commas, related to a certain regular expression, aka a "ReDoS" vulnerability.

5.0
2009-09-21 CVE-2009-3276 Nasd Denial-Of-Service vulnerability in Corenet1

Zoran/WinFormsAdvansed/RegeularDataToXML/Form1.cs in WinFormsAdvansed in NASD CORE.NET Terelik (aka corenet1) allows context-dependent attackers to cause a denial of service (CPU consumption) via an input string composed of many alphabetic characters followed by a ! (exclamation point), related to a certain regular expression, aka a "ReDoS" vulnerability.

5.0
2009-09-21 CVE-2009-3275 Microsoft Use of Externally-Controlled Format String vulnerability in Microsoft Enterprise Library 3.1/4.0/4.1

Blocks/Common/Src/Configuration/Manageability/Adm/AdmContentBuilder.cs in Microsoft patterns & practices Enterprise Library (aka EntLib) allows context-dependent attackers to cause a denial of service (CPU consumption) via an input string composed of many \ (backslash) characters followed by a " (double quote), related to a certain regular expression, aka a "ReDoS" vulnerability.

5.0
2009-09-21 CVE-2009-3272 Apple Resource Management Errors vulnerability in Apple Safari

Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safari 3.2.3, and possibly other versions before 4.1.2, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls eval on a long string composed of A/ sequences.

5.0
2009-09-22 CVE-2009-3288 Kernel
Linux
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel 2.6.28-rc1 through 2.6.31-rc8 uses an incorrect variable when accessing an array, which allows local users to cause a denial of service (kernel OOPS and NULL pointer dereference), as demonstrated by using xcdroast to duplicate a CD.

4.9
2009-09-21 CVE-2009-3279 Qnap Cryptographic Issues vulnerability in Qnap Ts-239 PRO Turbo NAS and Ts-639 PRO Turbo NAS

The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 create a LUKS partition by using the AES-256 cipher in plain CBC mode, which allows local users to obtain sensitive information via a watermark attack.

4.9
2009-09-21 CVE-2009-3278 Qnap Cryptographic Issues vulnerability in Qnap Ts-239 PRO Turbo NAS and Ts-639 PRO Turbo NAS

The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 use the rand library function to generate a certain recovery key, which makes it easier for local users to determine this key via a brute-force attack.

4.9
2009-09-22 CVE-2009-3286 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel 2.6.18

NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an O_EXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privileges, related to the execution of the do_open_permission function even when a create fails.

4.6
2009-09-22 CVE-2009-3289 Gnome Permissions, Privileges, and Access Controls vulnerability in Gnome Glib 2.0

The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory.

4.4
2009-09-21 CVE-2009-3274 Mozilla, Linux Unspecified vulnerability in Mozilla Firefox

Mozilla Firefox 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and 3.0.14 and earlier 2.x and 3.x versions, on Linux uses a predictable /tmp pathname for files selected from the Downloads window, which allows local users to replace an arbitrary downloaded file by placing a file in a /tmp location before the download occurs, related to the Download Manager component.

4.4
2009-09-25 CVE-2009-3427 Kayako Cross-Site Scripting vulnerability in Kayako SupportSuite 3.50.06

Cross-site scripting (XSS) vulnerability in Kayako SupportSuite 3.50.06 allows remote attackers to inject arbitrary web script or HTML via the subject field in a ticket.

4.3
2009-09-25 CVE-2009-3420 Intesync Cross-Site Scripting vulnerability in Intesync Miniweb 2.0

Multiple cross-site scripting (XSS) vulnerabilities in index.php in the Publisher module 2.0 for Miniweb allow remote attackers to inject arbitrary web script or HTML via the (1) begin parameter and the (2) PATH_INFO.

4.3
2009-09-24 CVE-2009-3368 Joomlahbs, Joomla Cross-Site Scripting vulnerability in Joomlahbs com_hbssearch

Cross-site scripting (XSS) vulnerability in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the adult parameter in a showhoteldetails action to index.php.

4.3
2009-09-24 CVE-2009-3367 Plohni Cross-Site Scripting vulnerability in Plohni An Image Gallery 1.0

Multiple cross-site scripting (XSS) vulnerabilities in An image gallery 1.0 allow remote attackers to inject arbitrary web script or HTML via the path parameter to (1) index.php and (2) main.php, and the (3) show parameter to main.php.

4.3
2009-09-24 CVE-2009-3363 Drupal, Ufku Bayburt Cross-Site Scripting vulnerability in Ufku Bayburt BUEditor

Cross-site scripting (XSS) vulnerability in the BUEditor module 5.x before 5.x-1.2 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via input to the "plain textarea editor."

4.3
2009-09-24 CVE-2009-3360 Datemill Cross-Site Scripting vulnerability in Datemill 1.0

Multiple cross-site scripting (XSS) vulnerabilities in Datemill 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) return parameter to photo_view.php, and st parameter to (2) photo_search.php and (3) search.php.

4.3
2009-09-24 CVE-2009-3359 Datetopia Cross-Site Scripting vulnerability in Datetopia Match Agency BiZ 1.0

Multiple cross-site scripting (XSS) vulnerabilities in Match Agency BiZ 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) important parameter to edit_profile.php and (2) pid parameter to report.php.

4.3
2009-09-24 CVE-2009-3355 Datetopia Cross-Site Scripting vulnerability in Datetopia Buy Dating Site 1.0

Cross-site scripting (XSS) vulnerability in profile.php in Datetopia Buy Dating Site 1.0 allows remote attackers to inject arbitrary web script or HTML via the s_r parameter.

4.3
2009-09-24 CVE-2009-3348 Datavore Cross-Site Scripting vulnerability in Datavore Gyro 5.0

Cross-site scripting (XSS) vulnerability in Datavore Gyro 5.0 allows remote attackers to inject arbitrary web script or HTML via the cid parameter in a cat action to the home component.

4.3
2009-09-23 CVE-2009-3328 Webilix Cross-Site Scripting vulnerability in Webilix WX-Guestbook 1.1.208

Cross-site scripting (XSS) vulnerability in sign.php in WX-Guestbook 1.1.208 allows remote attackers to inject arbitrary web script or HTML via the sName parameter (aka the name field).

4.3
2009-09-23 CVE-2009-3320 Zenas Cross-Site Scripting vulnerability in Zenas PaoLink 1.0

Cross-site scripting (XSS) vulnerability in scrivi.php in Zenas PaoLink (aka Pao-Link) 1.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

4.3
2009-09-23 CVE-2009-3311 Rssmediascript Cross-Site Scripting vulnerability in RSSMediaScript

Cross-site scripting (XSS) vulnerability in index.php in RSSMediaScript allows remote attackers to inject arbitrary web script or HTML via the page parameter.

4.3
2009-09-22 CVE-2009-3283 Phpspot Cross-Site Scripting vulnerability in PHPspot products

Cross-site scripting (XSS) vulnerability in phpspot PHP BBS, PHP Image Capture BBS, PHP & CSS BBS, PHP BBS CE, PHP_RSS_Builder, and webshot, dated before 20090914, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to cookies.

4.3
2009-09-21 CVE-2009-3271 Apple Improper Input Validation vulnerability in Apple iPhone OS and Safari

Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a denial of service (application crash) via a long tel: URL in the SRC attribute of an IFRAME element.

4.3
2009-09-21 CVE-2009-2742 IBM Cross-Site Scripting vulnerability in IBM WebSphere Application Server

Cross-site scripting (XSS) vulnerability in Eclipse Help in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27 allows remote attackers to inject arbitrary web script or HTML via unspecified input.

4.3

1 Low Vulnerability

DATE CVE VENDOR VULNERABILITY CVSS
2009-09-21 CVE-2009-2743 IBM Unspecified vulnerability in IBM WebSphere Application Server

IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27, and 7.0 before 7.0.0.7, does not properly handle an exception occurring after use of wsadmin scripts and configuration of JAAS-J2C Authentication Data, which allows local users to obtain sensitive information by reading the First Failure Data Capture (FFDC) log file.

2.1