Weekly Vulnerabilities Reports > September 28 to October 4, 2009
Overview
113 new vulnerabilities were reported during this period, including 8 critical vulnerabilities and 51 high severity vulnerabilities. This weekly summary reports vulnerabilities in 100 products from 69 vendors including Cisco, IBM, Joomla, Drupal, and Bpowerhouse. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Path Traversal", and "Cryptographic Issues".
- 100 reported vulnerabilities are remotely exploitable.
- 21 reported vulnerabilities have a public exploit available.
- 61 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 99 reported vulnerabilities are exploitable by an anonymous user.
- Cisco has the most reported vulnerabilities, with 13 reported vulnerabilities.
- IBM has the most reported critical vulnerabilities, with 3 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
8 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-10-01 | CVE-2009-3517 | IBM | Authentication Bypass vulnerability in IBM AIX 'nfs_portmon' nfs.ext in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly use the nfs_portmon setting, which allows remote attackers to bypass intended access restrictions for NFSv4 shares via unspecified vectors. | 10.0 |
2009-09-29 | CVE-2009-3473 | IBM | Remote Security vulnerability in IBM DB2 9.1 IBM DB2 9.1 before FP8 does not require the SETSESSIONUSER privilege for the SET SESSION AUTHORIZATION statement, which has unspecified impact and remote attack vectors. | 10.0 |
2009-10-02 | CVE-2009-3537 | Epicdjsoftware | Buffer Errors vulnerability in Epicdjsoftware Epicdj 1.3.9.1 Multiple stack-based buffer overflows in EpicDJSoftware EpicDJ 1.3.9.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a (1) .m3u or (2) .mpl playlist file. | 9.3 |
2009-10-02 | CVE-2009-3536 | Epicdjsoftware | Buffer Errors vulnerability in Epicdjsoftware Epicvj 1.2.8.0/1.3.1.2 Multiple stack-based buffer overflows in EpicDJSoftware EpicVJ 1.2.8.0 and 1.3.1.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a (1) .m3u or (2) .mpl playlist file. | 9.3 |
2009-10-01 | CVE-2009-3518 | IBM | Code Injection vulnerability in IBM Installation Manager Argument injection vulnerability in the iim: URI handler in IBMIM.exe in IBM Installation Manager 1.3.2 and earlier, as used in IBM Rational Robot and Rational Team Concert, allows remote attackers to load arbitrary DLL files via the -vm option, as demonstrated by a reference to a UNC share pathname. | 9.3 |
2009-09-30 | CVE-2009-3484 | Coreftp | Buffer Errors vulnerability in Coreftp Core FTP 2.1 Stack-based buffer overflow in Core FTP 2.1 build 1612 allows user-assisted remote attackers to execute arbitrary code via a long hostname in an FTP server entry in a site backup file. | 9.3 |
2009-09-30 | CVE-2009-3483 | Globalscape | Buffer Errors vulnerability in Globalscape Cuteftp 8.3.3/8.3.3.0054 Heap-based buffer overflow in the Create New Site feature in GlobalSCAPE CuteFTP Professional, Home, and Lite 8.3.3 and 8.3.3.0054 allows user-assisted remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a site list containing an entry with a long label. | 9.3 |
2009-09-29 | CVE-2009-3476 | Internet2 | Buffer Errors vulnerability in Internet2 Opensaml, Shibboleth-Sp and Xmltooling Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed encoded URL. | 9.3 |
51 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-10-01 | CVE-2009-3520 | Cmsphp Project | Cross-Site Request Forgery (CSRF) vulnerability in Cmsphp Project Cmsphp 0.21 Cross-site request forgery (CSRF) vulnerability in the Your_account module in CMSphp 0.21 allows remote attackers to hijack the authentication of administrators for requests that change an administrator password via the pseudo, pwd, and uid parameters in an admin_info_user_verif action. | 8.8 |
2009-09-30 | CVE-2009-3489 | Adobe | Incorrect Permission Assignment for Critical Resource vulnerability in Adobe Photoshop Elements 8.0 Adobe Photoshop Elements 8.0 installs the Adobe Active File Monitor V8 service with an insecure security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath variable, or (3) restart the service via the start command. | 7.8 |
2009-09-30 | CVE-2009-3482 | Trustport | Incorrect Permission Assignment for Critical Resource vulnerability in Trustport Antivirus and PC Security TrustPort Antivirus before 2.8.0.2266 and PC Security before 2.0.0.1291 use weak permissions (Everyone: Full Control) for files under %PROGRAMFILES%, which allows local users to gain privileges by replacing executables with Trojan horse programs. | 7.8 |
2009-09-28 | CVE-2009-2871 | Cisco | Unspecified vulnerability in Cisco IOS Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when SSLVPN sessions, SSH sessions, or IKE encrypted nonces are enabled, allows remote attackers to cause a denial of service (device reload) via a crafted encrypted packet, aka Bug ID CSCsq24002. | 7.8 |
2009-09-28 | CVE-2009-2870 | Cisco | Unspecified vulnerability in Cisco IOS Unspecified vulnerability in Cisco IOS 12.2 through 12.4, when the Cisco Unified Border Element feature is enabled, allows remote attackers to cause a denial of service (device reload) via crafted SIP messages, aka Bug ID CSCsx25880. | 7.8 |
2009-09-28 | CVE-2009-2869 | Cisco | Unspecified vulnerability in Cisco IOS Unspecified vulnerability in Cisco IOS 12.2XNA, 12.2XNB, 12.2XNC, 12.2XND, 12.4MD, 12.4T, 12.4XZ, and 12.4YA allows remote attackers to cause a denial of service (device reload) via a crafted NTPv4 packet, aka Bug IDs CSCsu24505 and CSCsv75948. | 7.8 |
2009-09-28 | CVE-2009-2868 | Cisco | Unspecified vulnerability in Cisco IOS Unspecified vulnerability in Cisco IOS 12.2 through 12.4, when certificate-based authentication is enabled for IKE, allows remote attackers to cause a denial of service (Phase 1 SA exhaustion) via crafted requests, aka Bug IDs CSCsy07555 and CSCee72997. | 7.8 |
2009-09-28 | CVE-2009-2867 | Cisco | Unspecified vulnerability in Cisco IOS Unspecified vulnerability in Cisco IOS 12.2XNA, 12.2XNB, 12.2XNC, 12.2XND, 12.4T, 12.4XZ, and 12.4YA, when Zone-Based Policy Firewall SIP Inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted SIP transit packet, aka Bug ID CSCsr18691. | 7.8 |
2009-09-28 | CVE-2009-2866 | Cisco | Denial of Service vulnerability in Cisco IOS H.323 Unspecified vulnerability in Cisco IOS 12.2 through 12.4 allows remote attackers to cause a denial of service (device reload) via a crafted H.323 packet, aka Bug ID CSCsz38104. | 7.8 |
2009-09-28 | CVE-2009-2864 | Cisco | Denial of Service vulnerability in Cisco products Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 5.x before 5.1(3g), 6.x before 6.1(4), 7.0.x before 7.0(2a)su1, and 7.1.x before 7.1(2) allows remote attackers to cause a denial of service (service restart) via malformed SIP messages, aka Bug ID CSCsz95423. | 7.8 |
2009-09-28 | CVE-2009-2865 | Cisco | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco IOS and Unified Communications Manager Express Buffer overflow in the login implementation in the Extension Mobility feature in the Unified Communications Manager Express (CME) component in Cisco IOS 12.4XW, 12.4XY, 12.4XZ, and 12.4YA allows remote attackers to execute arbitrary code or cause a denial of service via crafted HTTP requests, aka Bug ID CSCsq58779. | 7.6 |
2009-10-02 | CVE-2009-3543 | Phenotype CMS | SQL Injection vulnerability in Phenotype-Cms Phenotype CMS SQL injection vulnerability in _phenotype/admin/login.php in Phenotype CMS before 2.9 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka the login name). | 7.5 |
2009-10-02 | CVE-2009-3542 | Kneuro | Path Traversal vulnerability in Kneuro Littlesite.PHP 0.1 Directory traversal vulnerability in ls.php in LittleSite (aka LS or LittleSite.php) 0.1 allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2009-10-02 | CVE-2009-3541 | Phpgenealogy | Code Injection vulnerability in PHPgenealogy 2.0 PHP remote file inclusion vulnerability in CoupleDB.php in PHPGenealogy 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the DataDirectory parameter. | 7.5 |
2009-10-02 | CVE-2009-3538 | Allisclear | Path Traversal vulnerability in Allisclear Clear Content 1.1 Directory traversal vulnerability in thumb.php in Clear Content 1.1 allows remote attackers to read arbitrary files via a .. | 7.5 |
2009-10-02 | CVE-2009-3533 | John Beranek | SQL Injection vulnerability in John Beranek Meeting Room Booking System SQL injection vulnerability in report.php in Meeting Room Booking System (MRBS) before 1.4.2 allows remote attackers to execute arbitrary SQL commands via the typematch parameter. | 7.5 |
2009-10-02 | CVE-2009-3532 | Logrover Microsoft | SQL Injection vulnerability in Logrover 2.3/2.3.3 Multiple SQL injection vulnerabilities in login.asp (aka the login screen) in LogRover 2.3 and 2.3.3 on Windows allow remote attackers to execute arbitrary SQL commands via the (1) uname and (2) pword parameters. | 7.5 |
2009-10-02 | CVE-2009-3531 | Universe | SQL Injection vulnerability in Universe CMS 1.0.6 SQL injection vulnerability in vnews.php in Universe CMS 1.0.6 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2009-10-01 | CVE-2009-3511 | Fh54 | Code Injection vulnerability in Fh54 Justvisual 1.2 Multiple PHP remote file inclusion vulnerabilities in justVisual 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the fs_jVroot parameter to (1) sites/site/pages/index.php, (2) sites/test/pages/contact.php, (3) system/pageTemplate.php, and (4) system/utilities.php. | 7.5 |
2009-10-01 | CVE-2009-3510 | Dataspheric | SQL Injection vulnerability in Dataspheric Linkspheric 0.74 SQL injection vulnerability in viewListing.php in linkSpheric 0.74 Beta 6 allows remote attackers to execute arbitrary SQL commands via the listID parameter. | 7.5 |
2009-10-01 | CVE-2009-3507 | Jean Michel Wyttenbach | Path Traversal vulnerability in Jean-Michel Wyttenbach Cmsphp 0.21 Directory traversal vulnerability in modules.php in CMSphp 0.21 allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2009-09-30 | CVE-2009-3505 | Vastal | SQL Injection vulnerability in Vastal Mmorpg Zone SQL injection vulnerability in view_news.php in Vastal I-Tech MMORPG Zone allows remote attackers to execute arbitrary SQL commands via the news_id parameter. | 7.5 |
2009-09-30 | CVE-2009-3504 | Alibabaclone | SQL Injection vulnerability in Alibabaclone Alibaba Clone 3.0 SQL injection vulnerability in offers_buy.php in Alibaba Clone 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2009-09-30 | CVE-2009-3503 | Bpowerhouse | SQL Injection vulnerability in Bpowerhouse Bpholidaylettings 1.0 Multiple SQL injection vulnerabilities in search.aspx in BPowerHouse BPHolidayLettings 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) rid and (2) tid parameters. | 7.5 |
2009-09-30 | CVE-2009-3502 | Bpowerhouse | SQL Injection vulnerability in Bpowerhouse Bpmusic 1.0 SQL injection vulnerability in music.php in BPowerHouse BPMusic 1.0 allows remote attackers to execute arbitrary SQL commands via the music_id parameter. | 7.5 |
2009-09-30 | CVE-2009-3501 | Bpowerhouse | SQL Injection vulnerability in Bpowerhouse Bpstudents 1.0 SQL injection vulnerability in students.php in BPowerHouse BPStudents 1.0 allows remote attackers to execute arbitrary SQL commands via the test parameter in a preview action. | 7.5 |
2009-09-30 | CVE-2009-3500 | Bpowerhouse | SQL Injection vulnerability in Bpowerhouse Bpgames 1.0 Multiple SQL injection vulnerabilities in BPowerHouse BPGames 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter to main.php and (2) game_id parameter to game.php. | 7.5 |
2009-09-30 | CVE-2009-3499 | Bpowerhouse | SQL Injection vulnerability in Bpowerhouse Bplawyercasedocuments 1.0 SQL injection vulnerability in employee.aspx in BPowerHouse BPLawyerCaseDocuments 1.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter. | 7.5 |
2009-09-30 | CVE-2009-3497 | Vastal | SQL Injection vulnerability in Vastal Agent Zone SQL injection vulnerability in view_listing.php in Vastal I-Tech Agent Zone (aka The Real Estate Script) allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2009-09-30 | CVE-2009-3495 | Vastal | SQL Injection vulnerability in Vastal DVD Zone SQL injection vulnerability in view_mag.php in Vastal I-Tech DVD Zone allows remote attackers to execute arbitrary SQL commands via the mag_id parameter, a different vector than CVE-2008-4465. | 7.5 |
2009-09-30 | CVE-2009-3492 | Gotdns | Code Injection vulnerability in Gotdns Loggix Project 9.3.27/9.3.28 Multiple PHP remote file inclusion vulnerabilities in Loggix Project 9.4.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the pathToIndex parameter to (1) Calendar.php, (2) Comment.php, (3) Rss.php and (4) Trackback.php in lib/Loggix/Module/; and (5) modules/downloads/lib/LM_Downloads.php. | 7.5 |
2009-09-30 | CVE-2009-3491 | Joomla Kinfusion | SQL Injection vulnerability in Kinfusion COM Sportfusion 0.2.2/0.2.3 SQL injection vulnerability in the Kinfusion SportFusion (com_sportfusion) component 0.2.2 through 0.2.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid[0] parameter in a teamdetail action to index.php. | 7.5 |
2009-09-30 | CVE-2009-3481 | Isygen Joomla | Improper Authentication vulnerability in Isygen COM Icrmbasic 1.4.2.31 A certain interface in the iCRM Basic (com_icrmbasic) component 1.4.2.31 for Joomla! does not require administrative authentication, which has unspecified impact and remote attack vectors. | 7.5 |
2009-09-30 | CVE-2009-3480 | Isygen Joomla | SQL Injection vulnerability in Isygen Icrm Basic 1.4.2.31 SQL injection vulnerability in the iCRM Basic (com_icrmbasic) component 1.4.2.31 for Joomla! allows remote attackers to execute arbitrary SQL commands via the p3 parameter to index.php. | 7.5 |
2009-09-29 | CVE-2009-3475 | Internet2 | Cryptographic Issues vulnerability in Internet2 Shibboleth-Sp Internet2 Shibboleth Service Provider software 1.3.x before 1.3.3 and 2.x before 2.2.1, when using PKIX trust validation, does not properly handle a '\0' character in the subject or subjectAltName fields of a certificate, which allows remote man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | 7.5 |
2009-09-29 | CVE-2009-3474 | Internet2 | Cryptographic Issues vulnerability in Internet2 Opensaml, Shibboleth-Sp and Xmltooling OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element's Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is designated for just one purpose, potentially weakening the intended security application of the certificate. | 7.5 |
2009-09-29 | CVE-2009-3471 | IBM | Remote Security vulnerability in IBM DB2 8.0/9.1/9.5 IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP2 does not perform the expected drops of certain table functions upon a loss of privileges by the functions' definers, which has unspecified impact and remote attack vectors. | 7.5 |
2009-09-29 | CVE-2009-3456 | | Cryptographic Issues vulnerability in Google Chrome Google Chrome, possibly 3.0.195.21 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | 7.5 |
2009-09-29 | CVE-2009-3455 | Apple | Cryptographic Issues vulnerability in Apple Safari Apple Safari, possibly before 4.0.3, on Mac OS X does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | 7.5 |
2009-09-28 | CVE-2009-3446 | Rick Estrada Joomla | SQL Injection vulnerability in Rick Estrada COM Mytube 1.0Beta SQL injection vulnerability in the MyRemote Video Gallery (com_mytube) component 1.0 Beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a videos action to index.php. | 7.5 |
2009-09-28 | CVE-2009-3443 | Fastballproductions Joomla | SQL Injection vulnerability in Fastballproductions COM Fastball 1.1.0/1.2 SQL injection vulnerability in the Fastball (com_fastball) component 1.1.0 through 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the league parameter to index.php. | 7.5 |
2009-09-28 | CVE-2009-3438 | Witchakorn Kamolpornwijit Joomla | SQL Injection vulnerability in Witchakorn Kamolpornwijit COM Facebook SQL injection vulnerability in the JoomlaFacebook (com_facebook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a student action to index.php. | 7.5 |
2009-09-28 | CVE-2009-3436 | Maxwebportal | SQL Injection vulnerability in Maxwebportal Multiple SQL injection vulnerabilities in forum.asp in MaxWebPortal allow remote attackers to execute arbitrary SQL commands via the (1) FORUM_ID or (2) CAT_ID parameter. | 7.5 |
2009-09-28 | CVE-2009-3434 | Onestopjoomla Joomla Mambo | SQL Injection vulnerability in Onestopjoomla COM Tupinambis 1.0 SQL injection vulnerability in the Tupinambis (com_tupinambis) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the proyecto parameter in a verproyecto action to index.php. | 7.5 |
2009-10-01 | CVE-2009-3524 | Avast | Unspecified vulnerability in Avast Antivirus Home and Avast Antivirus Professional Unspecified vulnerability in ashWsFtr.dll in avast! Home and Professional for Windows before 4.8.1356 has unknown impact and local attack vectors. | 7.2 |
2009-10-01 | CVE-2009-3522 | Avast | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Avast Antivirus Home and Avast Antivirus Professional Stack-based buffer overflow in aswMon2.sys in avast! Home and Professional for Windows 4.8.1351, and possibly other versions before 4.8.1356, allows local users to cause a denial of service (system crash) and possibly gain privileges via a crafted IOCTL request to IOCTL 0xb2c80018. | 7.2 |
2009-10-01 | CVE-2009-3516 | IBM | Credentials Management vulnerability in IBM AIX gssd in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly handle the NFSv4 Kerberos credential cache, which allows local users to bypass intended access restrictions for Kerberized NFSv4 shares via unspecified vectors. | 7.2 |
2009-09-28 | CVE-2009-3433 | SUN | Local Privilege Escalation vulnerability in SUN Cluster 3.2 Unspecified vulnerability in clsetup in the configuration utility in Sun Solaris Cluster 3.2 allows local users to gain privileges via unknown vectors. | 7.2 |
2009-09-29 | CVE-2009-2683 | HP | Unspecified vulnerability in HP Remote Graphics Software Unspecified vulnerability in the Sender module in HP Remote Graphics Software (RGS) 5.1.3 through 5.2.6 allows remote authenticated users to execute arbitrary code via unknown vectors. | 7.1 |
2009-09-28 | CVE-2009-2873 | Cisco | Unspecified vulnerability in Cisco IOS Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco Express Forwarding feature are enabled, allows remote attackers to cause a denial of service (device reload) via malformed packets, aka Bug ID CSCsx70889. | 7.1 |
2009-09-28 | CVE-2009-2863 | Cisco | Improper Authentication vulnerability in Cisco IOS Race condition in the Firewall Authentication Proxy feature in Cisco IOS 12.0 through 12.4 allows remote attackers to bypass authentication, or bypass the consent web page, via a crafted request, aka Bug ID CSCsy15227. | 7.1 |
50 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-10-01 | CVE-2009-3523 | Avast | Improper Input Validation vulnerability in Avast Antivirus Home and Avast Antivirus Professional aavmKer4.sys in avast! Home and Professional for Windows before 4.8.1356 does not properly validate input to IOCTLs (1) 0xb2d6000c and (2) 0xb2d60034, which allows local users to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption, a different vulnerability than CVE-2008-1625. | 6.9 |
2009-10-01 | CVE-2009-2904 | Openbsd Fedoraproject Redhat | Configuration vulnerability in Openbsd Openssh 4.3/4.8 A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership. | 6.9 |
2009-09-29 | CVE-2009-3468 | SUN | Local Privilege Escalation vulnerability in SUN Solaris 10.0 Multiple unspecified vulnerabilities in Common Desktop Environment (CDE) in Sun Solaris 10, when Trusted Extensions is enabled, allow local users to execute arbitrary commands or bypass the Mandatory Access Control (MAC) policy via unknown vectors, related to a menu typo and the Style Manager. | 6.9 |
2009-10-02 | CVE-2009-3534 | Lionwiki | Path Traversal vulnerability in Lionwiki 3.0.3 Directory traversal vulnerability in index.php in LionWiki 3.0.3, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. | 6.8 |
2009-10-02 | CVE-2009-3529 | Radscripts | SQL Injection vulnerability in Radscripts Radbids 4 SQL injection vulnerability in index.php in RadScripts RadBids Gold 4 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action, a different vector than CVE-2005-1074. | 6.8 |
2009-09-30 | CVE-2009-3498 | Hbcms | SQL Injection vulnerability in Hbcms 1.7 SQL injection vulnerability in php/update_article_hits.php in HBcms 1.7 allows remote attackers to execute arbitrary SQL commands via the article_id parameter. | 6.8 |
2009-09-30 | CVE-2009-3494 | Todor Lazarov | SQL Injection vulnerability in Todor Lazarov T-Htb Manager 0.5 Multiple SQL injection vulnerabilities in index.php in T-HTB Manager 0.5, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in a delete_category action, (2) the name parameter in an update_category action, and other vectors. | 6.8 |
2009-09-30 | CVE-2009-3490 | GNU | Cryptographic Issues vulnerability in GNU Wget GNU Wget before 1.12 does not properly handle a '\0' character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | 6.8 |
2009-09-29 | CVE-2009-3477 | RIM | Cryptographic Issues vulnerability in RIM Blackberry Device Software The Blackberry Browser in RIM BlackBerry Device Software 4.5.0 before 4.5.0.173, 4.6.0 before 4.6.0.303, 4.6.1 before 4.6.1.309, 4.7.0 before 4.7.0.179, and 4.7.1 before 4.7.1.57 does not properly handle "hidden" characters including a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows remote man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | 6.8 |
2009-09-29 | CVE-2009-2681 | HP Microsoft | Privilege Escalation vulnerability in HP ProCurve Identity Driven Manager (IDM) Unspecified vulnerability in HP ProCurve Identity Driven Manager (IDM) A.02.x through A.02.03 and A.03.x through A.03.00, on Windows Server 2003 with IAS and Windows Server 2008 with NPS, allows local users to gain privileges via unknown vectors. | 6.8 |
2009-09-29 | CVE-2009-3447 | Radactive | Race Condition vulnerability in Radactive I-Load Unrestricted file upload vulnerability in RADactive I-Load before 2008.2.5.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, and then sending a request for a predictable filename during a short time window. | 6.8 |
2009-09-28 | CVE-2009-2872 | Cisco | Unspecified vulnerability in Cisco IOS Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco Express Forwarding feature are enabled, allows remote attackers to cause a denial of service (device reload) via a malformed packet that is not properly handled during switching from one tunnel to a second tunnel, aka Bug IDs CSCsh97579 and CSCsq31776. | 6.8 |
2009-10-02 | CVE-2009-3528 | Al4Us | SQL Injection vulnerability in Al4Us Mymsg 1.0.3 SQL injection vulnerability in Profile.php in MyMsg 1.0.3 allows remote authenticated users to execute arbitrary SQL commands via the uid parameter in a show action. | 6.5 |
2009-10-01 | CVE-2009-3515 | Marcin Manek | Path Traversal vulnerability in Marcin Manek D.Net CMS Directory traversal vulnerability in dnet_admin/index.php in d.net CMS allows remote authenticated administrators to include and execute arbitrary local files via a .. | 6.5 |
2009-10-01 | CVE-2009-3514 | Marcin Manek | SQL Injection vulnerability in Marcin Manek D.Net CMS Multiple SQL injection vulnerabilities in d.net CMS allow remote attackers to execute arbitrary SQL commands via (1) the page parameter to index.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (2) edit_id and (3) _p parameter in a news action to dnet_admin/index.php. | 6.5 |
2009-09-29 | CVE-2009-3472 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 8.0/9.1/9.5 IBM DB2 8 before FP18, 9.1 before FP8, and 9.5 before FP4 allows remote authenticated users to bypass intended access restrictions, and update, insert, or delete table rows, via unspecified vectors. | 6.5 |
2009-09-28 | CVE-2009-3439 | Alienvault | SQL Injection vulnerability in Alienvault Ossim 1.0.4/1.0.6/2.1 Multiple SQL injection vulnerabilities in Open Source Security Information Management (OSSIM) before 2.1.2 allow remote authenticated users to execute arbitrary SQL commands via the id_document parameter to (1) repository_document.php, (2) repository_links.php, and (3) repository_editdocument.php in repository/; the (4) group parameter to policy/getpolicy.php; the name parameter to (5) host/newhostgroupform.php and (6) net/modifynetform.php; and unspecified other vectors related to the policy menu. | 6.5 |
2009-10-01 | CVE-2009-0209 | Osisoft | Cryptographic Issues vulnerability in Osisoft PI Server PI Server in OSIsoft PI System before 3.4.380.x does not properly use encryption in the default authentication process, which allows remote attackers to read or modify information in databases via unspecified vectors. | 6.4 |
2009-10-01 | CVE-2009-3508 | Fcgphilipp | Path Traversal vulnerability in Fcgphilipp Mujecms 1.0.4.34 Multiple directory traversal vulnerabilities in MUJE CMS 1.0.4.34 allow remote attackers to include and execute arbitrary local files via a .. | 6.0 |
2009-09-29 | CVE-2009-3470 | IBM | Resource Management Errors vulnerability in IBM Informix Dynamic Server IBM Informix Dynamic Server (IDS) 10.00 before 10.00.xC11, 11.10 before 11.10.xC4, and 11.50 before 11.50.xC5 allows remote attackers to cause a denial of service (memory corruption, assertion failure, and daemon crash) by sending a long password over a JDBC connection. | 5.0 |
2009-09-29 | CVE-2009-3457 | Cisco | Information Exposure vulnerability in Cisco ACE web Application Firewall and ACE XML Gateway Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) before 6.1 allow remote attackers to obtain sensitive information via an HTTP request that lacks a handler, as demonstrated by (1) an OPTIONS request or (2) a crafted GET request, leading to a Message-handling Errors message containing a certain client intranet IP address, aka Bug ID CSCtb82159. | 5.0 |
2009-09-29 | CVE-2009-3452 | Radactive | Information Exposure vulnerability in Radactive I-Load WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allows remote attackers to obtain sensitive information via unspecified requests that trigger responses containing the saved-image folder pathname. | 5.0 |
2009-09-29 | CVE-2009-3451 | Radactive | Path Traversal vulnerability in Radactive I-Load Directory traversal vulnerability in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allows remote attackers to read arbitrary files via unspecified vectors. | 5.0 |
2009-09-28 | CVE-2009-3445 | Code Crafters | Remote Denial Of Service vulnerability in Code-Crafters Ability Mail Server IMAP FETCH Request Unspecified vulnerability in Code-Crafters Ability Mail Server before 2.70 allows remote attackers to cause a denial of service (daemon crash) via an IMAP4 FETCH command. | 5.0 |
2009-09-28 | CVE-2009-3442 | Drupal Ariel Barreiro | Permissions, Privileges, and Access Controls vulnerability in Ariel Barreiro Meta Tags The Meta tags (aka Nodewords) module before 6.x-1.1 for Drupal does not properly follow permissions during assignment of node meta tags, which allows remote attackers to obtain sensitive information via unspecified vectors. | 5.0 |
2009-09-28 | CVE-2009-3441 | Alienvault | Improper Authentication vulnerability in Alienvault Ossim 1.0.4/1.0.6 Open Source Security Information Management (OSSIM) before 2.1.2 allows remote attackers to bypass authentication, and read graphs or infrastructure information, via a direct request to (1) graphs/alarms_events.php or (2) host/draw_tree.php. | 5.0 |
2009-10-01 | CVE-2009-3519 | Oracle | Missing Release of Resource after Effective Lifetime vulnerability in Oracle Opensolaris and Solaris Multiple memory leaks in the IP module in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_109, allow local users to cause a denial of service (memory consumption) via vectors related to (1) M_DATA, (2) M_PROTO, (3) M_PCPROTO, and (4) M_SIG STREAMS messages. | 4.9 |
2009-09-29 | CVE-2009-2905 | Fedorahosted | Buffer Errors vulnerability in Fedorahosted Newt 0.51.5/0.51.6/0.52.2 Heap-based buffer overflow in textbox.c in newt 0.51.5, 0.51.6, and 0.52.2 allows local users to cause a denial of service (application crash) or possibly execute arbitrary code via a request to display a crafted text dialog box. | 4.6 |
2009-10-02 | CVE-2009-3540 | Yourfreeworld | Cross-Site Scripting vulnerability in Yourfreeworld Ultra Classifieds PRO Cross-site scripting (XSS) vulnerability in listads.php in YourFreeWorld Ultra Classifieds Pro allows remote attackers to inject arbitrary web script or HTML via the cn parameter. | 4.3 |
2009-10-02 | CVE-2009-3539 | Yourfreeworld | Cross-Site Scripting vulnerability in Yourfreeworld Ultra Classifieds PRO Multiple cross-site scripting (XSS) vulnerabilities in YourFreeWorld Ultra Classifieds Pro allow remote attackers to inject arbitrary web script or HTML via the (1) cname parameter to subclass.php and the (2) sn parameter to listads.php. | 4.3 |
2009-10-02 | CVE-2009-3535 | Allisclear | Path Traversal vulnerability in Allisclear Clear Content 1.1 Directory traversal vulnerability in image.php in Clear Content 1.1 allows remote attackers to read arbitrary files via a .. | 4.3 |
2009-10-02 | CVE-2009-3530 | Radscripts | Cross-Site Scripting vulnerability in Radscripts Radbids 4 Cross-site scripting (XSS) vulnerability in storefront.php in RadScripts RadBids Gold 4 allows remote attackers to inject arbitrary web script or HTML via the mode parameter. | 4.3 |
2009-10-01 | CVE-2009-3521 | IBM | Cross-Site Scripting vulnerability in IBM Tivoli Composite Application Manager for WebSphere 6.1.0 Multiple cross-site scripting (XSS) vulnerabilities in the Visualization Engine (VE) in IBM Tivoli Composite Application Manager for WebSphere (ITCAM) 6.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-10-01 | CVE-2009-3513 | Pilotgroup | Cross-Site Scripting vulnerability in Pilotgroup PG Etraining Multiple cross-site scripting (XSS) vulnerabilities in Pilot Group (PG) eTraining allow remote attackers to inject arbitrary web script or HTML via (1) the cat_id parameter to courses_login.php, the id parameter to (2) news_read.php or (3) lessons_login.php, or (4) the cur parameter in a start action to lessons_login.php. | 4.3 |
2009-10-01 | CVE-2009-3512 | Phplemon | Cross-Site Scripting vulnerability in PHPlemon Myweight 1.0 Multiple cross-site scripting (XSS) vulnerabilities in MyWeight 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date parameter to user_addfood.php, info parameter to (2) user_forgot_pwd_form.php and (3) user_login.php, and (4) return parameter to user_login.php. | 4.3 |
2009-10-01 | CVE-2009-3509 | CJ Design | Cross-Site Scripting vulnerability in Cj-Design CJ Dynamic Poll 2.0 Cross-site scripting (XSS) vulnerability in admin/admin_index.php in CJ Dynamic Poll PRO 2.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | 4.3 |
2009-10-01 | CVE-2009-3506 | Jean Michel Wyttenbach | Cross-Site Scripting vulnerability in Jean-Michel Wyttenbach Cmsphp 0.21 Multiple cross-site scripting (XSS) vulnerabilities in CMSphp 0.21 allow remote attackers to inject arbitrary web script or HTML via the (1) cook_user parameter to index.php and the (2) name parameter to modules.php. | 4.3 |
2009-09-30 | CVE-2009-3496 | Vastal | Cross-Site Scripting vulnerability in Vastal DVD Zone Cross-site scripting (XSS) vulnerability in view_mag.php in Vastal I-Tech DVD Zone allows remote attackers to inject arbitrary web script or HTML via the mag_id parameter. | 4.3 |
2009-09-30 | CVE-2009-3493 | Zenas | Cross-Site Scripting vulnerability in Zenas Paobacheca Guestbook 2.1 Multiple cross-site scripting (XSS) vulnerabilities in Zenas PaoBacheca Guestbook 2.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) scrivi.php and (2) index.php. | 4.3 |
2009-09-30 | CVE-2009-3485 | Juniper | Cross-Site Scripting vulnerability in Juniper Junos 8.5/9.0 Cross-site scripting (XSS) vulnerability in the J-Web interface in Juniper JUNOS 8.5R1.14 and 9.0R1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI. | 4.3 |
2009-09-30 | CVE-2009-3479 | Drupal RON Jerome | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in Bibliography (Biblio) 5.x before 5.x-1.17 and 6.x before 6.x-1.6, a module for Drupal, allows remote attackers, with "create content displayed by the Bibliography module" permissions, to inject arbitrary web script or HTML via a title. | 4.3 |
2009-09-29 | CVE-2009-3469 | IBM | Cross-Site Scripting vulnerability in IBM Lotus Connections 2.0.1 Cross-site scripting (XSS) vulnerability in profiles/html/simpleSearch.do in IBM Lotus Connections 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter. | 4.3 |
2009-09-29 | CVE-2009-3453 | IBM | Cross-Site Scripting vulnerability in IBM Lotus Quickr 8.1.0 Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quickr 8.1.0 services for WebSphere Portal allow remote attackers to inject arbitrary web script or HTML via the filename of a .odt file in a Lotus Quickr place, related to the Library template. | 4.3 |
2009-09-29 | CVE-2009-3450 | Radactive | Cross-Site Scripting vulnerability in Radactive I-Load Multiple cross-site scripting (XSS) vulnerabilities in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allow remote attackers to inject arbitrary web script or HTML via parameters with names beginning with __ (underscore underscore) sequences, which are incompatible with an XSS protection mechanism provided by Microsoft ASP.NET. | 4.3 |
2009-09-29 | CVE-2009-3449 | Collectorz | Unspecified vulnerability in Collectorz MP3 Collector 2.3 MP3 Collector 2.3 allows remote attackers to cause a denial of service (application crash) via a long URL in a .m3u playlist file. | 4.3 |
2009-09-28 | CVE-2009-3444 | E107 | Cross-Site Scripting vulnerability in E107 Cross-site scripting (XSS) vulnerability in email.php in e107 0.7.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header in a news.1 (aka news to email) action. | 4.3 |
2009-09-28 | CVE-2009-3440 | Alienvault | Cross-Site Scripting vulnerability in Alienvault Ossim 1.0.4/1.0.6 Cross-site scripting (XSS) vulnerability in Open Source Security Information Management (OSSIM) before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the option parameter to the default URI (aka the main menu). | 4.3 |
2009-09-28 | CVE-2009-3437 | Henriksjokvist Drupal | Cross-Site Scripting vulnerability in Henriksjokvist Markdown Preview 6.X Cross-site scripting (XSS) vulnerability in the live preview feature in the Markdown Preview module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via "Markdown input." | 4.3 |
2009-09-28 | CVE-2009-3435 | Moshe Weitzman Drupal | Cross-Site Scripting vulnerability in Moshe Weitzman Devel Cross-site scripting (XSS) vulnerability in the variable editor in the Devel module 5.x before 5.x-1.2 and 6.x before 6.x-1.18, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a variable name. | 4.3 |
2009-09-28 | CVE-2009-2862 | Cisco | Unspecified vulnerability in Cisco IOS The Object Groups for Access Control Lists (ACLs) feature in Cisco IOS 12.2XNB, 12.2XNC, 12.2XND, 12.4MD, 12.4T, 12.4XZ, and 12.4YA allows remote attackers to bypass intended access restrictions via crafted requests, aka Bug IDs CSCsx07114, CSCsu70214, CSCsw47076, CSCsv48603, CSCsy54122, and CSCsu50252. | 4.3 |
4 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-09-30 | CVE-2009-3487 | Juniper | Cross-Site Scripting vulnerability in Juniper Junos 8.5 Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via (1) the JEXEC_OUTID parameter in a JEXEC_MODE_RELAY_OUTPUT action to the jexec program; the (2) act, (3) refresh-time, or (4) ifid parameter to scripter.php; (5) the revision parameter in a rollback action to the configuration program; the m[] parameter to the (6) monitor, (7) manage, (8) events, (9) configuration, or (10) alarms program; (11) the m[] parameter to the default URI; (12) the m[] parameter in a browse action to the default URI; (13) the wizard-next parameter in an https action to the configuration program; or the (14) Contact Information, (15) System Description, (16) Local Engine ID, (17) System Location, or (18) System Name Override SNMP parameter, related to the configuration program. | 3.5 |
2009-09-30 | CVE-2009-3486 | Juniper | Cross-Site Scripting vulnerability in Juniper Junos 8.5 Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via the host parameter to (1) the pinghost program, reachable through the diagnose program; or (2) the traceroute program, reachable through the diagnose program; or (3) the probe-limit parameter to the configuration program; the (4) wizard-ids or (5) pager-new-identifier parameter in a firewall-filters action to the configuration program; (6) the cos-physical-interface-name parameter in a cos-physical-interfaces-edit action to the configuration program; the (7) wizard-args or (8) wizard-ids parameter in an snmp action to the configuration program; the (9) username or (10) fullname parameter in a users action to the configuration program; or the (11) certname or (12) certbody parameter in a local-cert (aka https) action to the configuration program. | 3.5 |
2009-09-30 | CVE-2009-3488 | Drupal RON Jerome | Cross-Site Scripting vulnerability in RON Jerome Bibliography 6.x-1.6 Cross-site scripting (XSS) vulnerability in the Bibliography (aka Biblio) module 6.x-1.6 for Drupal allows remote authenticated users, with certain content-creation privileges, to inject arbitrary web script or HTML via the Title field, probably a different vulnerability than CVE-2009-3479. | 2.1 |
2009-09-28 | CVE-2009-3432 | SUN | Local Information Disclosure vulnerability in SUN Opensolaris and Solaris Unspecified vulnerability in xscreensaver in Sun Solaris 10, and OpenSolaris before snv_112, when Xorg or Xnewt is used and RandR is enabled, allows physically proximate attackers to read a locked screen via unknown vectors related to XRandR resize events. | 1.9 |