Weekly Vulnerabilities Reports > September 21 to 27, 2009
Overview
105 new vulnerabilities reported during this period, including 17 critical vulnerabilities and 48 high severity vulnerabilities. This weekly summary report vulnerabilities in 108 products from 86 vendors including Joomla, Drupal, Apple, PHP, and Zenas. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Code Injection", and "Path Traversal".
- 96 reported vulnerabilities are remotely exploitables.
- 57 reported vulnerabilities have public exploit available.
- 49 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 101 reported vulnerabilities are exploitable by an anonymous user.
- Joomla has the most reported vulnerabilities, with 10 reported vulnerabilities.
- Drupal has the most reported critical vulnerabilities, with 5 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
17 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2009-09-24 | CVE-2009-3354 | Andrew Sterling Hanenkamp Drupal | Multiple Unspecified vulnerability in Drupal REST API Module Multiple unspecified vulnerabilities in the Rest API module for Drupal have unknown impact and attack vectors. | 10.0 |
| 2009-09-24 | CVE-2009-3353 | Steve Lockwood Drupal | Multiple Unspecified vulnerability in Drupal Node2Node Module Multiple unspecified vulnerabilities in the Node2Node module for Drupal have unknown impact and attack vectors. | 10.0 |
| 2009-09-24 | CVE-2009-3352 | Drupal | Unspecified vulnerability in Drupal Multiple unspecified vulnerabilities in the quota_by_role (Quota by role) module for Drupal have unknown impact and attack vectors. | 10.0 |
| 2009-09-24 | CVE-2009-3351 | Drupal Kristy Frey | Multiple Unspecified vulnerability in Drupal Node Browser Module 5.X1.1/5.X2.5 Multiple unspecified vulnerabilities in the Node Browser module for Drupal have unknown impact and attack vectors. | 10.0 |
| 2009-09-24 | CVE-2009-3350 | Roshan Shah Drupal | Multiple Unspecified vulnerability in Drupal Subdomain Manager Module Multiple unspecified vulnerabilities in the Subdomain Manager module for Drupal have unknown impact and attack vectors. | 10.0 |
| 2009-09-24 | CVE-2009-3347 | D Link | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in D-Link Dir-400 Buffer overflow on the D-Link DIR-400 wireless router allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.10 through 8.11. | 10.0 |
| 2009-09-24 | CVE-2009-3346 | SAP | Remote Security vulnerability in SAP Crystal Reports Server 2008 Unspecified vulnerability in SAP Crystal Reports Server 2008 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. | 10.0 |
| 2009-09-24 | CVE-2009-3345 | SAP | Buffer Errors vulnerability in SAP Crystal Reports Server 2008 Heap-based buffer overflow in SAP Crystal Reports Server 2008 has unknown impact and attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. | 10.0 |
| 2009-09-24 | CVE-2009-3341 | Linksys | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linksys Wrt54Gl Buffer overflow on the Linksys WRT54GL wireless router allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.10 through 8.11. | 10.0 |
| 2009-09-25 | CVE-2009-3421 | Zenas | Improper Authentication vulnerability in Zenas Pao-Bacheca Guestbook 2.1 login.php in Zenas PaoBacheca Guestbook 2.1, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1. | 9.8 |
| 2009-09-25 | CVE-2009-3429 | Pirateradio | Buffer Errors vulnerability in Pirateradio Destiny Media Player 1.61 Stack-based buffer overflow in Pirate Radio Destiny Media Player 1.61 allows remote attackers to execute arbitrary code via a long string in a .pls playlist file. | 9.3 |
| 2009-09-25 | CVE-2009-3428 | Otbcode | Buffer Errors vulnerability in Otbcode Easy Music Player 1.0.0.2 Stack-based buffer overflow in Easy Music Player 1.0.0.2 allows remote attackers to execute arbitrary code via a crafted .wav file. | 9.3 |
| 2009-09-24 | CVE-2009-2817 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes Buffer overflow in Apple iTunes before 9.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .pls file. | 9.3 |
| 2009-09-24 | CVE-2009-3364 | Ftpshell | Buffer Errors vulnerability in Ftpshell 4.1 Stack-based buffer overflow in FTPShell Client 4.1 RC2 allows remote FTP servers to execute arbitrary code via a long response to a PASV command. | 9.3 |
| 2009-09-24 | CVE-2009-3338 | Effectmatrix | Buffer Errors vulnerability in Effectmatrix Magic Morph 1.95B Stack-based buffer overflow in EffectMatrix (E.M.) Magic Morph 1.95b allows remote attackers to execute arbitrary code via a long string in a .mor file. | 9.3 |
| 2009-09-23 | CVE-2009-3329 | Exeter | Buffer Errors vulnerability in Exeter Winplot 1.25.0.1 Stack-based buffer overflow in Winplot 1.25.0.1 allows user-assisted remote attackers to execute arbitrary code via a crafted Plot2D (.wp2) file. | 9.3 |
| 2009-09-21 | CVE-2009-2140 | GO OO | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Go-Oo Multiple heap-based buffer overflows in cppcanvas/source/mtfrenderer/emfplus.cxx in Go-oo 2.x and 3.x before 3.0.1, previously named ooo-build and related to OpenOffice.org (OOo), allow remote attackers to execute arbitrary code via a crafted EMF+ file, a similar issue to CVE-2008-2238. | 9.3 |
48 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2009-09-24 | CVE-2009-3369 | Craig Barratt | Permissions, Privileges, and Access Controls vulnerability in Craig Barratt Backuppc 3.1.0 CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in use in a multi-user environment, does not restrict users from the ClientNameAlias function, which allows remote authenticated users to read and write sensitive files by modifying ClientNameAlias to match another system, then initiating a backup or restore. | 8.5 |
| 2009-09-24 | CVE-2009-2680 | HP | Remote Management Interface Privilege Escalation vulnerability in HP StorageWorks Products Unspecified vulnerability in the Remote Management Interface (RMI) for MSL Tape Libraries and 1/8 G2 Tape Autoloaders in HP StorageWorks 1/8 G2 Tape Autoloader firmware 2.30 and earlier, MSL2024 Tape Library firmware 4.20 and earlier, MSL4048 Tape Library firmware 6.50 and earlier, and MSL8096 Tape Library firmware 8.90 and earlier allows remote attackers to cause a denial of service via unknown vectors. | 8.5 |
| 2009-09-24 | CVE-2009-3339 | Mcafee | Remote Security vulnerability in Mcafee Email and web Security Appliance 5.1 Unspecified vulnerability in McAfee Email and Web Security Appliance 5.1 VMtrial allows remote attackers to read arbitrary files via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.9 through 8.11. | 7.8 |
| 2009-09-23 | CVE-2009-3322 | Siemens | Denial of Service vulnerability in Siemens Gigaset SE361 WLAN Data Flood The Siemens Gigaset SE361 WLAN router allows remote attackers to cause a denial of service (device reboot) via a flood of crafted TCP packets to port 1723. | 7.8 |
| 2009-09-22 | CVE-2009-3289 | Gnome Opensuse Suse | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory. | 7.8 |
| 2009-09-21 | CVE-2009-2744 | IBM | Unspecified vulnerability in IBM Websphere Application Server Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27 allows remote attackers to cause a denial of service via unknown vectors, related to "an error in fixpacks 6.1.0.23 and 6.1.0.25." | 7.8 |
| 2009-09-25 | CVE-2009-3430 | Allomani | SQL Injection vulnerability in Allomani Mobile 2.5 SQL injection vulnerability in login.php in Allomani Mobile 2.5 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action. | 7.5 |
| 2009-09-25 | CVE-2009-3419 | Intesync | SQL Injection vulnerability in Intesync Miniweb 2.0 SQL injection vulnerability in index.php in the Publisher module 2.0 for Miniweb allows remote attackers to execute arbitrary SQL commands via the historymonth parameter. | 7.5 |
| 2009-09-25 | CVE-2009-3417 | Idojoomla Joomla | SQL Injection vulnerability in Idojoomla COM Idoblog 1.1 SQL injection vulnerability in the IDoBlog (com_idoblog) component 1.1 build 30 for Joomla! allows remote attackers to execute arbitrary SQL commands via the userid parameter in a profile action to index.php, a different vector than CVE-2008-2627. | 7.5 |
| 2009-09-24 | CVE-2009-3365 | Traza | Code Injection vulnerability in Traza Aurora 1.0.2 PHP remote file inclusion vulnerability in add-ons/modules/sysmanager/plugins/install.plugin.php in Aurora CMS 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the AURORA_MODULES_FOLDER parameter. | 7.5 |
| 2009-09-24 | CVE-2009-3362 | Sznews | Code Injection vulnerability in Sznews 2.7 PHP remote file inclusion vulnerability in printnews.php3 in SZNews 2.7 allows remote attackers to execute arbitrary PHP code via a URL in the id parameter. | 7.5 |
| 2009-09-24 | CVE-2009-3361 | Paul Gibbs | SQL Injection vulnerability in Paul Gibbs PHP-Ipnmonitor SQL injection vulnerability in index.php in PHP-IPNMonitor allows remote attackers to execute arbitrary SQL commands via the maincat_id parameter. | 7.5 |
| 2009-09-24 | CVE-2009-3358 | Tourismscripts | SQL Injection vulnerability in Tourismscripts Adult Portal Escort Listing SQL injection vulnerability in profile.php in Tourism Scripts Adult Portal escort listing allows remote attackers to execute arbitrary SQL commands via the user_id parameter. | 7.5 |
| 2009-09-24 | CVE-2009-3357 | Joomla Joomlahbs | SQL Injection vulnerability in Joomlahbs COM Hbssearch Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) h_id, (2) id, and (3) rid parameters to longDesc.php, and the h_id parameter to (4) detail.php, (5) detail1.php, (6) detail2.php, (7) detail3.php, (8) detail4.php, (9) detail5.php, (10) detail6.php, (11) detail7.php, and (12) detail8.php, different vectors than CVE-2008-5865, CVE-2008-5874, and CVE-2008-5875. | 7.5 |
| 2009-09-24 | CVE-2009-3356 | Plohni | SQL Injection vulnerability in Plohni Image Voting 1.0 SQL injection vulnerability in index.php in Image voting 1.0 allows remote attackers to execute arbitrary SQL commands via the show parameter. | 7.5 |
| 2009-09-24 | CVE-2009-3349 | Datavore | SQL Injection vulnerability in Datavore Gyro 5.0 SQL injection vulnerability in Datavore Gyro 5.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter in a cat action to the home component. | 7.5 |
| 2009-09-24 | CVE-2009-3343 | Hotwebscripts | SQL Injection vulnerability in Hotwebscripts Hotweb Rentals SQL injection vulnerability in details.asp in HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PropId parameter. | 7.5 |
| 2009-09-24 | CVE-2009-3342 | Joomla Alphaplug | SQL Injection vulnerability in Alphaplug COM Alphauserpoints 1.5.2 SQL injection vulnerability in frontend/assets/ajax/checkusername.php in the AlphaUserPoints (com_alphauserpoints) component 1.5.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the username2points parameter. | 7.5 |
| 2009-09-24 | CVE-2009-3337 | S9Y | SQL Injection vulnerability in S9Y Serendipity Event Freetag SQL injection vulnerability in the Freetag (serendipity_event_freetag) plugin before 3.09 for Serendipity (S9Y) allows remote attackers to execute arbitrary SQL commands via an unspecified parameter associated with Meta keywords in a blog entry. | 7.5 |
| 2009-09-24 | CVE-2009-3336 | Phpprobid | SQL Injection vulnerability in PHPprobid PHP PRO BID SQL injection vulnerability in auction_details.php in PHP Pro Bid allows remote attackers to execute arbitrary SQL commands via the auction_id parameter. | 7.5 |
| 2009-09-24 | CVE-2009-3335 | Joomla Turtus | SQL Injection vulnerability in Turtus Turtushout 0.11 SQL injection vulnerability in the TurtuShout component 0.11 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Name field. | 7.5 |
| 2009-09-23 | CVE-2009-3334 | Lhacky Joomla | SQL Injection vulnerability in Lhacky COM Jinc 0.2 SQL injection vulnerability in the Lhacky! Extensions Cave Joomla! Integrated Newsletters Component (aka JINC or com_jinc) component 0.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a messages action to index.php. | 7.5 |
| 2009-09-23 | CVE-2009-3333 | Mambo Alibasta | Code Injection vulnerability in Alibasta COM Koesubmit 1.0 PHP remote file inclusion vulnerability in koesubmit.php in the koeSubmit (com_koesubmit) component 1.0 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.5 |
| 2009-09-23 | CVE-2009-3332 | Sopinet Joomla | SQL Injection vulnerability in Sopinet COM Jbudgetsmagic 0.3.2/0.4.0 SQL injection vulnerability in the JBudgetsMagic (com_jbudgetsmagic) component 0.3.2 through 0.4.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the bid parameter in a mybudget action to index.php. | 7.5 |
| 2009-09-23 | CVE-2009-3331 | Ddlcms | Code Injection vulnerability in Ddlcms DDL CMS 1.0 Multiple PHP remote file inclusion vulnerabilities in DDL CMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the wwwRoot parameter to (1) header.php, (2) submit.php, (3) submitted.php, and (4) autosubmitter/index.php. | 7.5 |
| 2009-09-23 | CVE-2009-3327 | Webilix | SQL Injection vulnerability in Webilix Wx-Guestbook 1.1.208 Multiple SQL injection vulnerabilities in WX-Guestbook 1.1.208 allow remote attackers to execute arbitrary SQL commands via the (1) QUERY parameter to search.php and (2) USERNAME parameter to login.php. | 7.5 |
| 2009-09-23 | CVE-2009-3326 | Cmscontrol | SQL Injection vulnerability in Cmscontrol 7 SQL injection vulnerability in index.php in CMScontrol Content Management System 7.x allows remote attackers to execute arbitrary SQL commands via the id_menu parameter. | 7.5 |
| 2009-09-23 | CVE-2009-3325 | Focusdev Joomla | SQL Injection vulnerability in Focusdev COM Surveymanager 1.5.0 SQL injection vulnerability in the Focusplus Developments Survey Manager (com_surveymanager) component 1.5.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the stype parameter in an editsurvey action to index.php. | 7.5 |
| 2009-09-23 | CVE-2009-3324 | Andres G Aragoneses | Code Injection vulnerability in Andres G Aragoneses Prodler 1.1 PHP remote file inclusion vulnerability in include/prodler.class.php in ProdLer 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sPath parameter. | 7.5 |
| 2009-09-23 | CVE-2009-3323 | Robig | Code Injection vulnerability in Robig Barosmini 0.32.595 Multiple PHP remote file inclusion vulnerabilities in BAnner ROtation System mini (BAROSmini) 0.32.595 allow remote attackers to execute arbitrary PHP code via a URL in the baros_path parameter to (1) include/common_functions.php, and the main_path parameter to (2) lib_users.php, (3) lib_stats.php, and (4) lib_slots.php in include/lib/. | 7.5 |
| 2009-09-23 | CVE-2009-3319 | Dimofinf | SQL Injection vulnerability in Dimofinf Dawaween 1.03 SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 allows remote attackers to execute arbitrary SQL commands via the id parameter in a sec list action, a different vector than CVE-2006-1018. | 7.5 |
| 2009-09-23 | CVE-2009-3318 | Joomla Breedveld | Path Traversal vulnerability in Breedveld COM Album 1.14 Directory traversal vulnerability in the Roland Breedveld Album (com_album) component 1.14 for Joomla! allows remote attackers to access arbitrary directories and have unspecified other impact via a .. | 7.5 |
| 2009-09-23 | CVE-2009-3317 | Thecodeweasel | Code Injection vulnerability in Thecodeweasel Opensiteadmin 0.9.7 PHP remote file inclusion vulnerability in pages/pageHeader.php in OpenSiteAdmin 0.9.7 BETA allows remote attackers to execute arbitrary PHP code via a URL in the path parameter, a different vector than CVE-2008-0648. | 7.5 |
| 2009-09-23 | CVE-2009-3316 | Joomla Jforjoomla | SQL Injection vulnerability in Jforjoomla COM Jreservation 1.0/1.5 SQL injection vulnerability in the JReservation (com_jreservation) component 1.0 and 1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a propertycpanel action to index.php. | 7.5 |
| 2009-09-23 | CVE-2009-3315 | Nelogic | SQL Injection vulnerability in Nelogic Nephp Publisher 3.5.9/4.5 SQL injection vulnerability in admin/index.php in NeLogic Nephp Publisher Enterprise 3.5.9 and 4.5 allows remote attackers to execute arbitrary SQL commands via the Username field. | 7.5 |
| 2009-09-23 | CVE-2009-3314 | Eliteladders | SQL Injection vulnerability in Eliteladders Elite Gaming Ladders 3.2 SQL injection vulnerability in ladders.php in Elite Gaming Ladders 3.2 allows remote attackers to execute arbitrary SQL commands via the platform parameter. | 7.5 |
| 2009-09-23 | CVE-2009-3310 | Shalwan | SQL Injection vulnerability in Shalwan Zainu 1.0 SQL injection vulnerability in index.php in Zainu 1.0 allows remote attackers to execute arbitrary SQL commands via the album_id parameter in an AlbumSongs action. | 7.5 |
| 2009-09-23 | CVE-2009-3309 | Cfshopkart | SQL Injection vulnerability in Cfshopkart CF Shopkart 5.4 SQL injection vulnerability in index.cfm in CF ShopKart 5.4 beta allows remote attackers to execute arbitrary SQL commands via the itemid parameter in a ViewDetails action, a different vector than CVE-2008-6320. | 7.5 |
| 2009-09-23 | CVE-2009-3308 | Fanupdate | SQL Injection vulnerability in Fanupdate 2.2.1 SQL injection vulnerability in show-cat.php in FanUpdate 2.2.1 allows remote attackers to execute arbitrary SQL commands via the listingid parameter. | 7.5 |
| 2009-09-23 | CVE-2009-3307 | Frank Lichtenheld | Code Injection vulnerability in Frank Lichtenheld Fsphp 0.2.1 Multiple PHP remote file inclusion vulnerabilities in FSphp 0.2.1 allow remote attackers to execute arbitrary PHP code via a URL in the FSPHP_LIB parameter to (1) FSphp.php, (2) navigation.php, and (3) pathwrite.php in lib/. | 7.5 |
| 2009-09-23 | CVE-2009-3306 | Richrumble | Code Injection vulnerability in Richrumble Clearsite 4.50 PHP remote file inclusion vulnerability in include/header.php in ClearSite 4.50 allows remote attackers to execute arbitrary PHP code via a URL in the cs_base_path parameter. | 7.5 |
| 2009-09-22 | CVE-2009-3293 | PHP | Unspecified vulnerability in PHP Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect "sanity check for the color index." | 7.5 |
| 2009-09-22 | CVE-2009-3292 | PHP | Unspecified vulnerability in PHP Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attack vectors related to "missing sanity checks around exif processing." | 7.5 |
| 2009-09-22 | CVE-2009-3291 | PHP | Improper Input Validation vulnerability in PHP The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates. | 7.5 |
| 2009-09-22 | CVE-2009-3287 | Macournoyer | Improper Input Validation vulnerability in Macournoyer Thin lib/thin/connection.rb in Thin web server before 1.2.4 relies on the X-Forwarded-For header to determine the IP address of the client, which allows remote attackers to spoof the IP address and hide activities via a modified X-Forwarded-For header. | 7.5 |
| 2009-09-21 | CVE-2009-3273 | Apple | Cryptographic Issues vulnerability in Apple Iphone OS iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL e-mail servers via a crafted certificate. | 7.5 |
| 2009-09-24 | CVE-2009-3390 | SUN | Local Security vulnerability in OpenSolaris Multiple unspecified vulnerabilities in the (1) iscsiadm and (2) iscsitadm programs in Sun Solaris 10, and OpenSolaris snv_28 through snv_109, allow local users with certain RBAC execution profiles to gain privileges via unknown vectors related to the libima library. | 7.2 |
| 2009-09-24 | CVE-2009-2682 | HP | Permissions, Privileges, and Access Controls vulnerability in HP Hp-Ux B.11.23/B.11.31 Unspecified vulnerability in Role-Based Access Control (RBAC) in HP HP-UX B.11.23 and B.11.31 allows local users to bypass intended access restrictions via unknown vectors. | 7.2 |
39 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2009-09-21 | CVE-2009-2939 | Postfix Debian Ubuntu | Link Following vulnerability in Postfix 2.5.5 The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files. | 6.9 |
| 2009-09-25 | CVE-2009-3426 | Databay | Code Injection vulnerability in Databay Maxcms 3.11.20B PHP remote file inclusion vulnerability in includes/file_manager/special.php in MaxCMS 3.11.20b allows remote attackers to execute arbitrary PHP code via a URL in the fm_includes_special parameter. | 6.8 |
| 2009-09-25 | CVE-2009-3424 | Databay | Code Injection vulnerability in Databay Maxcms 3.11.20B Multiple PHP remote file inclusion vulnerabilities in MaxCMS 3.11.20b, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) is_projectPath parameter to includes/InstantSite/inc.is_root.php; GLOBALS[thCMS_root] parameter to (2) classes/class.Tree.php, (3) includes/inc.thcms_admin_mediamanager.php, and (4) modul/mod.rssreader.php; is_path parameter to (5) class.tasklist.php, (6) class.thcms.php, (7) class.thcms_content.php, (8) class.thcms_modul_parent.php, (9) class.thcms_page.php, and (10) class.thcsm_user.php in classes/; and (11) includes/InstantSite/class.Tree.php; and thCMS_root parameter to (12) classes/class.thcms_modul.php; (13) inc.page_edit_tasklist.php, (14) inc.thcms_admin_overview_backup.php, and (15) inc.thcms_edit_content.php in includes/; and (16) class.thcms_modul_parent_xml.php, (17) mod.cmstranslator.php, (18) mod.download.php, (19) mod.faq.php, (20) mod.guestbook.php, (21) mod.html.php, (22) mod.menu.php, (23) mod.news.php, (24) mod.newsticker.php, (25) mod.rss.php, (26) mod.search.php, (27) mod.sendtofriend.php, (28) mod.sitemap.php, (29) mod.tagdoc.php, (30) mod.template.php, (31) mod.test.php, (32) mod.text.php, (33) mod.upload.php, and (34) mod.users.php in modul/. | 6.8 |
| 2009-09-25 | CVE-2009-3423 | Zenas | Improper Authentication vulnerability in Zenas Paolink 1.0 login.php in Zenas PaoLink 1.0, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1. | 6.8 |
| 2009-09-25 | CVE-2009-3422 | Zenas | Improper Authentication vulnerability in Zenas Paoliber 1.1 login.php in Zenas PaoLiber 1.1, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1. | 6.8 |
| 2009-09-23 | CVE-2009-3330 | Cpecreator | SQL Injection vulnerability in Cpecreator CP Creator 2.7.1 SQL injection vulnerability in index.php in cP Creator 2.7.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the tickets parameter in a support ticket action. | 6.8 |
| 2009-09-23 | CVE-2009-3321 | Saphplesson | SQL Injection vulnerability in Saphplesson 4.3 SQL injection vulnerability in SaphpLesson 4.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the CLIENT_IP HTTP header. | 6.8 |
| 2009-09-23 | CVE-2009-3312 | Tomex | Code Injection vulnerability in Tomex PHPpollscript PHP remote file inclusion vulnerability in php/init.poll.php in phpPollScript 1.3 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a crafted URL in the include_class parameter. | 6.8 |
| 2009-09-23 | CVE-2009-3313 | Fmyclone | SQL Injection vulnerability in Fmyclone 2.3 Multiple SQL injection vulnerabilities in FMyClone 2.3 allow remote attackers to execute arbitrary SQL commands via the comp parameter to (1) index.php and (2) editComments.php, and (3) allow remote authenticated administrators to execute arbitrary SQL commands via the id parameter in a comment action to edit.php. | 6.5 |
| 2009-09-21 | CVE-2009-3200 | Qnap | Cryptographic Issues vulnerability in Qnap Ts-239 PRO Turbo NAS and Ts-639 PRO Turbo NAS The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 create an undocumented recovery key and store it in the ENCK variable in flash memory, which allows local users to bypass the passphrase requirement and decrypt the hard drive by reading this variable, deobfuscating the key, and running a cryptsetup luksOpen command. | 5.9 |
| 2009-09-21 | CVE-2009-3278 | Qnap | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Qnap Ts-239 PRO Firmware and Ts-639 PRO Firmware The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 use the rand library function to generate a certain recovery key, which makes it easier for local users to determine this key via a brute-force attack. | 5.5 |
| 2009-09-25 | CVE-2009-3431 | Adobe | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader Stack consumption vulnerability in Adobe Reader and Acrobat 9.1.3, 9.1.2, 9.1.1, and earlier 9.x versions; 8.1.6 and earlier 8.x versions; and possibly 7.1.4 and earlier 7.x versions allows remote attackers to cause a denial of service (application crash) via a PDF file with a large number of [ (open square bracket) characters in the argument to the alert method. | 5.0 |
| 2009-09-25 | CVE-2009-3425 | Databay | Path Traversal vulnerability in Databay Maxcms 3.11.20B Directory traversal vulnerability in includes/inc.thcms_admin_dirtree.php in MaxCMS 3.11.20b allows remote attackers to read arbitrary files via directory traversal sequences in the thCMS_root parameter. | 5.0 |
| 2009-09-24 | CVE-2009-3366 | Plohni | Path Traversal vulnerability in Plohni AN Image Gallery 1.0 Directory traversal vulnerability in navigation.php in An image gallery 1.0 allows remote attackers to list arbitrary directories via a .. | 5.0 |
| 2009-09-24 | CVE-2009-3344 | Microsoft SAP | Remote vulnerability in SAP Crystal Reports Server 2008 Unspecified vulnerability in SAP Crystal Reports Server 2008 on Windows XP allows attackers to cause a denial of service (infinite loop) via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. | 5.0 |
| 2009-09-24 | CVE-2009-3340 | Freesshd | Denial-Of-Service vulnerability in Freesshd 1.2.4 Unspecified vulnerability in FreeSSHD 1.2.4 allows remote attackers to cause a denial of service via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. | 5.0 |
| 2009-09-22 | CVE-2009-3294 | PHP | Use of Externally-Controlled Format String vulnerability in PHP The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11 and 5.3.x before 5.3.1, when running on certain Windows operating systems, allows context-dependent attackers to cause a denial of service (crash) via a crafted (1) "e" or (2) "er" string in the second argument (aka mode), possibly related to the _fdopen function in the Microsoft C runtime library. | 5.0 |
| 2009-09-22 | CVE-2009-3284 | Phpspot | Path Traversal vulnerability in PHPspot products Directory traversal vulnerability in phpspot PHP BBS, PHP Image Capture BBS, PHP & CSS BBS, PHP BBS CE, PHP_RSS_Builder, and webshot, dated before 20090914, allows remote attackers to read arbitrary files via unspecified vectors. | 5.0 |
| 2009-09-21 | CVE-2009-3277 | Xenu BY | Denial-Of-Service vulnerability in Datavault DataVault.Tesla/Impl/TypeSystem/AssociationHelper.cs in datavault allows context-dependent attackers to cause a denial of service (CPU consumption) via an input string composed of an [ (open bracket) followed by many commas, related to a certain regular expression, aka a "ReDoS" vulnerability. | 5.0 |
| 2009-09-21 | CVE-2009-3276 | Nasd | Denial-Of-Service vulnerability in Corenet1 Zoran/WinFormsAdvansed/RegeularDataToXML/Form1.cs in WinFormsAdvansed in NASD CORE.NET Terelik (aka corenet1) allows context-dependent attackers to cause a denial of service (CPU consumption) via an input string composed of many alphabetic characters followed by a ! (exclamation point), related to a certain regular expression, aka a "ReDoS" vulnerability. | 5.0 |
| 2009-09-21 | CVE-2009-3275 | Microsoft | USE of Externally-Controlled Format String vulnerability in Microsoft Enterprise Library 3.1/4.0/4.1 Blocks/Common/Src/Configuration/Manageability/Adm/AdmContentBuilder.cs in Microsoft patterns & practices Enterprise Library (aka EntLib) allows context-dependent attackers to cause a denial of service (CPU consumption) via an input string composed of many \ (backslash) characters followed by a " (double quote), related to a certain regular expression, aka a "ReDoS" vulnerability. | 5.0 |
| 2009-09-21 | CVE-2009-3272 | Apple | Resource Management Errors vulnerability in Apple Safari Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safari 3.2.3, and possibly other versions before 4.1.2, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls eval on a long string composed of A/ sequences. | 5.0 |
| 2009-09-22 | CVE-2009-3288 | Kernel Linux | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel 2.6.28-rc1 through 2.6.31-rc8 uses an incorrect variable when accessing an array, which allows local users to cause a denial of service (kernel OOPS and NULL pointer dereference), as demonstrated by using xcdroast to duplicate a CD. | 4.9 |
| 2009-09-21 | CVE-2009-3279 | Qnap | Cryptographic Issues vulnerability in Qnap Ts-239 PRO Turbo NAS and Ts-639 PRO Turbo NAS The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 create a LUKS partition by using the AES-256 cipher in plain CBC mode, which allows local users to obtain sensitive information via a watermark attack. | 4.9 |
| 2009-09-25 | CVE-2009-3427 | Kayako | Cross-Site Scripting vulnerability in Kayako Supportsuite 3.50.06 Cross-site scripting (XSS) vulnerability in Kayako SupportSuite 3.50.06 allows remote attackers to inject arbitrary web script or HTML via the subject field in a ticket. | 4.3 |
| 2009-09-25 | CVE-2009-3420 | Intesync | Cross-Site Scripting vulnerability in Intesync Miniweb 2.0 Multiple cross-site scripting (XSS) vulnerabilities in index.php in the Publisher module 2.0 for Miniweb allow remote attackers to inject arbitrary web script or HTML via the (1) begin parameter and the (2) PATH_INFO. | 4.3 |
| 2009-09-24 | CVE-2009-3368 | Joomlahbs Joomla | Cross-Site Scripting vulnerability in Joomlahbs COM Hbssearch Cross-site scripting (XSS) vulnerability in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the adult parameter in a showhoteldetails action to index.php. | 4.3 |
| 2009-09-24 | CVE-2009-3367 | Plohni | Cross-Site Scripting vulnerability in Plohni AN Image Gallery 1.0 Multiple cross-site scripting (XSS) vulnerabilities in An image gallery 1.0 allow remote attackers to inject arbitrary web script or HTML via the path parameter to (1) index.php and (2) main.php, and the (3) show parameter to main.php. | 4.3 |
| 2009-09-24 | CVE-2009-3363 | Drupal Ufku Bayburt | Cross-Site Scripting vulnerability in Ufku Bayburt Bueditor Cross-site scripting (XSS) vulnerability in the BUEditor module 5.x before 5.x-1.2 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via input to the "plain textarea editor." | 4.3 |
| 2009-09-24 | CVE-2009-3360 | Datemill | Cross-Site Scripting vulnerability in Datemill 1.0 Multiple cross-site scripting (XSS) vulnerabilities in Datemill 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) return parameter to photo_view.php, and st parameter to (2) photo_search.php and (3) search.php. | 4.3 |
| 2009-09-24 | CVE-2009-3359 | Datetopia | Cross-Site Scripting vulnerability in Datetopia Match Agency BIZ 1.0 Multiple cross-site scripting (XSS) vulnerabilities in Match Agency BiZ 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) important parameter to edit_profile.php and (2) pid parameter to report.php. | 4.3 |
| 2009-09-24 | CVE-2009-3355 | Datetopia | Cross-Site Scripting vulnerability in Datetopia BUY Dating Site 1.0 Cross-site scripting (XSS) vulnerability in profile.php in Datetopia Buy Dating Site 1.0 allows remote attackers to inject arbitrary web script or HTML via the s_r parameter. | 4.3 |
| 2009-09-24 | CVE-2009-3348 | Datavore | Cross-Site Scripting vulnerability in Datavore Gyro 5.0 Cross-site scripting (XSS) vulnerability in Datavore Gyro 5.0 allows remote attackers to inject arbitrary web script or HTML via the cid parameter in a cat action to the home component. | 4.3 |
| 2009-09-23 | CVE-2009-3328 | Webilix | Cross-Site Scripting vulnerability in Webilix Wx-Guestbook 1.1.208 Cross-site scripting (XSS) vulnerability in sign.php in WX-Guestbook 1.1.208 allows remote attackers to inject arbitrary web script or HTML via the sName parameter (aka the name field). | 4.3 |
| 2009-09-23 | CVE-2009-3320 | Zenas | Cross-Site Scripting vulnerability in Zenas Paolink 1.0 Cross-site scripting (XSS) vulnerability in scrivi.php in Zenas PaoLink (aka Pao-Link) 1.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | 4.3 |
| 2009-09-23 | CVE-2009-3311 | Rssmediascript | Cross-Site Scripting vulnerability in Rssmediascript Cross-site scripting (XSS) vulnerability in index.php in RSSMediaScript allows remote attackers to inject arbitrary web script or HTML via the page parameter. | 4.3 |
| 2009-09-22 | CVE-2009-3283 | Phpspot | Cross-Site Scripting vulnerability in PHPspot products Cross-site scripting (XSS) vulnerability in phpspot PHP BBS, PHP Image Capture BBS, PHP & CSS BBS, PHP BBS CE, PHP_RSS_Builder, and webshot, dated before 20090914, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to cookies. | 4.3 |
| 2009-09-21 | CVE-2009-3271 | Apple | Improper Input Validation vulnerability in Apple Iphone OS and Safari Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a denial of service (application crash) via a long tel: URL in the SRC attribute of an IFRAME element. | 4.3 |
| 2009-09-21 | CVE-2009-2742 | IBM | Cross-Site Scripting vulnerability in IBM Websphere Application Server Cross-site scripting (XSS) vulnerability in Eclipse Help in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27 allows remote attackers to inject arbitrary web script or HTML via unspecified input. | 4.3 |
1 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2009-09-21 | CVE-2009-2743 | IBM | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27, and 7.0 before 7.0.0.7, does not properly handle an exception occurring after use of wsadmin scripts and configuration of JAAS-J2C Authentication Data, which allows local users to obtain sensitive information by reading the First Failure Data Capture (FFDC) log file. | 2.1 |