Weekly Vulnerabilities Reports > September 28 to October 4, 2009

Overview

3 new vulnerabilities were reported during this period, including 0 critical vulnerabilities and 3 high-severity vulnerabilities. This weekly summary reports vulnerabilities in 4 products from 3 vendors, including Adobe, Cmsphp Project, and Trustport. Vulnerabilities are notably categorized as "Incorrect Permission Assignment for Critical Resource" and "Cross-Site Request Forgery (CSRF)".

  • 1 reported vulnerability is remotely exploitable.
  • 1 reported vulnerability is exploitable by an anonymous user.
  • Adobe has the most reported vulnerabilities, with 1 reported vulnerability.

Vulnerability Details

The following table lists the vulnerabilities reported for the period covered by this report:

0 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

3 High Vulnerabilities

| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2009-10-01 | CVE-2009-3520 | Cmsphp Project | Cross-Site Request Forgery (CSRF) vulnerability in Cmsphp Project Cmsphp 0.21. Cross-site request forgery (CSRF) vulnerability in the Your_account module in CMSphp 0.21 allows remote attackers to hijack the authentication of administrators for requests that change an administrator password via the pseudo, pwd, and uid parameters in an admin_info_user_verif action. | 8.8 |
| 2009-09-30 | CVE-2009-3489 | Adobe | Incorrect Permission Assignment for Critical Resource vulnerability in Adobe Photoshop Elements 8.0. Adobe Photoshop Elements 8.0 installs the Adobe Active File Monitor V8 service with an insecure security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath variable, or (3) restart the service via the start command. | 7.8 |
| 2009-09-30 | CVE-2009-3482 | Trustport | Incorrect Permission Assignment for Critical Resource vulnerability in Trustport Antivirus and PC Security. TrustPort Antivirus before 2.8.0.2266 and PC Security before 2.0.0.1291 use weak permissions (Everyone: Full Control) for files under %PROGRAMFILES%, which allows local users to gain privileges by replacing executables with Trojan horse programs. | 7.8 |

0 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

0 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS