Weekly Vulnerabilities Reports > September 28 to October 4, 2009

Overview

113 new vulnerabilities were reported during this period, including 8 critical vulnerabilities and 51 high severity vulnerabilities. This weekly summary reports vulnerabilities in 100 products from 69 vendors, including Cisco, IBM, Joomla, Drupal, and Bpowerhouse. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Path Traversal", and "Cryptographic Issues".

  • 100 reported vulnerabilities are remotely exploitable.
  • 21 reported vulnerabilities have a public exploit available.
  • 61 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 99 reported vulnerabilities are exploitable by an anonymous user.
  • Cisco has the most reported vulnerabilities, with 13 reported vulnerabilities.
  • IBM has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:

8 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-10-01 CVE-2009-3517 IBM Authentication Bypass vulnerability in IBM AIX 'nfs_portmon'

nfs.ext in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly use the nfs_portmon setting, which allows remote attackers to bypass intended access restrictions for NFSv4 shares via unspecified vectors.

10.0
2009-09-29 CVE-2009-3473 IBM Remote Security vulnerability in IBM DB2 9.1

IBM DB2 9.1 before FP8 does not require the SETSESSIONUSER privilege for the SET SESSION AUTHORIZATION statement, which has unspecified impact and remote attack vectors.

10.0
2009-10-02 CVE-2009-3537 Epicdjsoftware Buffer Errors vulnerability in Epicdjsoftware Epicdj 1.3.9.1

Multiple stack-based buffer overflows in EpicDJSoftware EpicDJ 1.3.9.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a (1) .m3u or (2) .mpl playlist file.

9.3
2009-10-02 CVE-2009-3536 Epicdjsoftware Buffer Errors vulnerability in Epicdjsoftware Epicvj 1.2.8.0/1.3.1.2

Multiple stack-based buffer overflows in EpicDJSoftware EpicVJ 1.2.8.0 and 1.3.1.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a (1) .m3u or (2) .mpl playlist file.

9.3
2009-10-01 CVE-2009-3518 IBM Code Injection vulnerability in IBM Installation Manager

Argument injection vulnerability in the iim: URI handler in IBMIM.exe in IBM Installation Manager 1.3.2 and earlier, as used in IBM Rational Robot and Rational Team Concert, allows remote attackers to load arbitrary DLL files via the -vm option, as demonstrated by a reference to a UNC share pathname.

9.3
2009-09-30 CVE-2009-3484 Coreftp Buffer Errors vulnerability in Coreftp Core FTP 2.1

Stack-based buffer overflow in Core FTP 2.1 build 1612 allows user-assisted remote attackers to execute arbitrary code via a long hostname in an FTP server entry in a site backup file.

9.3
2009-09-30 CVE-2009-3483 Globalscape Buffer Errors vulnerability in Globalscape Cuteftp 8.3.3/8.3.3.0054

Heap-based buffer overflow in the Create New Site feature in GlobalSCAPE CuteFTP Professional, Home, and Lite 8.3.3 and 8.3.3.0054 allows user-assisted remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a site list containing an entry with a long label.

9.3
2009-09-29 CVE-2009-3476 Internet2 Buffer Errors vulnerability in Internet2 Opensaml, Shibboleth-Sp and Xmltooling

Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed encoded URL.

9.3

51 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-10-01 CVE-2009-3520 Cmsphp Project Cross-Site Request Forgery (CSRF) vulnerability in Cmsphp Project Cmsphp 0.21

Cross-site request forgery (CSRF) vulnerability in the Your_account module in CMSphp 0.21 allows remote attackers to hijack the authentication of administrators for requests that change an administrator password via the pseudo, pwd, and uid parameters in an admin_info_user_verif action.

8.8
2009-09-30 CVE-2009-3489 Adobe Incorrect Permission Assignment for Critical Resource vulnerability in Adobe Photoshop Elements 8.0

Adobe Photoshop Elements 8.0 installs the Adobe Active File Monitor V8 service with an insecure security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath variable, or (3) restart the service via the start command.

7.8
2009-09-30 CVE-2009-3482 Trustport Incorrect Permission Assignment for Critical Resource vulnerability in Trustport Antivirus and PC Security

TrustPort Antivirus before 2.8.0.2266 and PC Security before 2.0.0.1291 use weak permissions (Everyone: Full Control) for files under %PROGRAMFILES%, which allows local users to gain privileges by replacing executables with Trojan horse programs.

7.8
2009-09-28 CVE-2009-2871 Cisco Unspecified vulnerability in Cisco IOS

Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when SSLVPN sessions, SSH sessions, or IKE encrypted nonces are enabled, allows remote attackers to cause a denial of service (device reload) via a crafted encrypted packet, aka Bug ID CSCsq24002.

7.8
2009-09-28 CVE-2009-2870 Cisco Unspecified vulnerability in Cisco IOS

Unspecified vulnerability in Cisco IOS 12.2 through 12.4, when the Cisco Unified Border Element feature is enabled, allows remote attackers to cause a denial of service (device reload) via crafted SIP messages, aka Bug ID CSCsx25880.

7.8
2009-09-28 CVE-2009-2869 Cisco Unspecified vulnerability in Cisco IOS

Unspecified vulnerability in Cisco IOS 12.2XNA, 12.2XNB, 12.2XNC, 12.2XND, 12.4MD, 12.4T, 12.4XZ, and 12.4YA allows remote attackers to cause a denial of service (device reload) via a crafted NTPv4 packet, aka Bug IDs CSCsu24505 and CSCsv75948.

7.8
2009-09-28 CVE-2009-2868 Cisco Unspecified vulnerability in Cisco IOS

Unspecified vulnerability in Cisco IOS 12.2 through 12.4, when certificate-based authentication is enabled for IKE, allows remote attackers to cause a denial of service (Phase 1 SA exhaustion) via crafted requests, aka Bug IDs CSCsy07555 and CSCee72997.

7.8
2009-09-28 CVE-2009-2867 Cisco Unspecified vulnerability in Cisco IOS

Unspecified vulnerability in Cisco IOS 12.2XNA, 12.2XNB, 12.2XNC, 12.2XND, 12.4T, 12.4XZ, and 12.4YA, when Zone-Based Policy Firewall SIP Inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted SIP transit packet, aka Bug ID CSCsr18691.

7.8
2009-09-28 CVE-2009-2866 Cisco Denial of Service vulnerability in Cisco IOS H.323

Unspecified vulnerability in Cisco IOS 12.2 through 12.4 allows remote attackers to cause a denial of service (device reload) via a crafted H.323 packet, aka Bug ID CSCsz38104.

7.8
2009-09-28 CVE-2009-2864 Cisco Denial of Service vulnerability in Cisco products

Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 5.x before 5.1(3g), 6.x before 6.1(4), 7.0.x before 7.0(2a)su1, and 7.1.x before 7.1(2) allows remote attackers to cause a denial of service (service restart) via malformed SIP messages, aka Bug ID CSCsz95423.

7.8
2009-09-28 CVE-2009-2865 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco IOS and Unified Communications Manager Express

Buffer overflow in the login implementation in the Extension Mobility feature in the Unified Communications Manager Express (CME) component in Cisco IOS 12.4XW, 12.4XY, 12.4XZ, and 12.4YA allows remote attackers to execute arbitrary code or cause a denial of service via crafted HTTP requests, aka Bug ID CSCsq58779.

7.6
2009-10-02 CVE-2009-3543 Phenotype CMS SQL Injection vulnerability in Phenotype-Cms Phenotype CMS

SQL injection vulnerability in _phenotype/admin/login.php in Phenotype CMS before 2.9 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka the login name).

7.5
2009-10-02 CVE-2009-3542 Kneuro Path Traversal vulnerability in Kneuro Littlesite.PHP 0.1

Directory traversal vulnerability in ls.php in LittleSite (aka LS or LittleSite.php) 0.1 allows remote attackers to include and execute arbitrary local files via a ..

7.5
2009-10-02 CVE-2009-3541 Phpgenealogy Code Injection vulnerability in PHPgenealogy 2.0

PHP remote file inclusion vulnerability in CoupleDB.php in PHPGenealogy 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the DataDirectory parameter.

7.5
2009-10-02 CVE-2009-3538 Allisclear Path Traversal vulnerability in Allisclear Clear Content 1.1

Directory traversal vulnerability in thumb.php in Clear Content 1.1 allows remote attackers to read arbitrary files via a ..

7.5
2009-10-02 CVE-2009-3533 John Beranek SQL Injection vulnerability in John Beranek Meeting Room Booking System

SQL injection vulnerability in report.php in Meeting Room Booking System (MRBS) before 1.4.2 allows remote attackers to execute arbitrary SQL commands via the typematch parameter.

7.5
2009-10-02 CVE-2009-3532 Logrover/Microsoft SQL Injection vulnerability in Logrover 2.3/2.3.3

Multiple SQL injection vulnerabilities in login.asp (aka the login screen) in LogRover 2.3 and 2.3.3 on Windows allow remote attackers to execute arbitrary SQL commands via the (1) uname and (2) pword parameters.

7.5
2009-10-02 CVE-2009-3531 Universe SQL Injection vulnerability in Universe CMS 1.0.6

SQL injection vulnerability in vnews.php in Universe CMS 1.0.6 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2009-10-01 CVE-2009-3511 Fh54 Code Injection vulnerability in Fh54 Justvisual 1.2

Multiple PHP remote file inclusion vulnerabilities in justVisual 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the fs_jVroot parameter to (1) sites/site/pages/index.php, (2) sites/test/pages/contact.php, (3) system/pageTemplate.php, and (4) system/utilities.php.

7.5
2009-10-01 CVE-2009-3510 Dataspheric SQL Injection vulnerability in Dataspheric Linkspheric 0.74

SQL injection vulnerability in viewListing.php in linkSpheric 0.74 Beta 6 allows remote attackers to execute arbitrary SQL commands via the listID parameter.

7.5
2009-10-01 CVE-2009-3507 Jean Michel Wyttenbach Path Traversal vulnerability in Jean-Michel Wyttenbach Cmsphp 0.21

Directory traversal vulnerability in modules.php in CMSphp 0.21 allows remote attackers to include and execute arbitrary local files via a ..

7.5
2009-09-30 CVE-2009-3505 Vastal SQL Injection vulnerability in Vastal Mmorpg Zone

SQL injection vulnerability in view_news.php in Vastal I-Tech MMORPG Zone allows remote attackers to execute arbitrary SQL commands via the news_id parameter.

7.5
2009-09-30 CVE-2009-3504 Alibabaclone SQL Injection vulnerability in Alibabaclone Alibaba Clone 3.0

SQL injection vulnerability in offers_buy.php in Alibaba Clone 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2009-09-30 CVE-2009-3503 Bpowerhouse SQL Injection vulnerability in Bpowerhouse Bpholidaylettings 1.0

Multiple SQL injection vulnerabilities in search.aspx in BPowerHouse BPHolidayLettings 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) rid and (2) tid parameters.

7.5
2009-09-30 CVE-2009-3502 Bpowerhouse SQL Injection vulnerability in Bpowerhouse Bpmusic 1.0

SQL injection vulnerability in music.php in BPowerHouse BPMusic 1.0 allows remote attackers to execute arbitrary SQL commands via the music_id parameter.

7.5
2009-09-30 CVE-2009-3501 Bpowerhouse SQL Injection vulnerability in Bpowerhouse Bpstudents 1.0

SQL injection vulnerability in students.php in BPowerHouse BPStudents 1.0 allows remote attackers to execute arbitrary SQL commands via the test parameter in a preview action.

7.5
2009-09-30 CVE-2009-3500 Bpowerhouse SQL Injection vulnerability in Bpowerhouse Bpgames 1.0

Multiple SQL injection vulnerabilities in BPowerHouse BPGames 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter to main.php and (2) game_id parameter to game.php.

7.5
2009-09-30 CVE-2009-3499 Bpowerhouse SQL Injection vulnerability in Bpowerhouse Bplawyercasedocuments 1.0

SQL injection vulnerability in employee.aspx in BPowerHouse BPLawyerCaseDocuments 1.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter.

7.5
2009-09-30 CVE-2009-3497 Vastal SQL Injection vulnerability in Vastal Agent Zone

SQL injection vulnerability in view_listing.php in Vastal I-Tech Agent Zone (aka The Real Estate Script) allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2009-09-30 CVE-2009-3495 Vastal SQL Injection vulnerability in Vastal DVD Zone

SQL injection vulnerability in view_mag.php in Vastal I-Tech DVD Zone allows remote attackers to execute arbitrary SQL commands via the mag_id parameter, a different vector than CVE-2008-4465.

7.5
2009-09-30 CVE-2009-3492 Gotdns Code Injection vulnerability in Gotdns Loggix Project 9.3.27/9.3.28

Multiple PHP remote file inclusion vulnerabilities in Loggix Project 9.4.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the pathToIndex parameter to (1) Calendar.php, (2) Comment.php, (3) Rss.php and (4) Trackback.php in lib/Loggix/Module/; and (5) modules/downloads/lib/LM_Downloads.php.

7.5
2009-09-30 CVE-2009-3491 Joomla/Kinfusion SQL Injection vulnerability in Kinfusion COM Sportfusion 0.2.2/0.2.3

SQL injection vulnerability in the Kinfusion SportFusion (com_sportfusion) component 0.2.2 through 0.2.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid[0] parameter in a teamdetail action to index.php.

7.5
2009-09-30 CVE-2009-3481 Isygen/Joomla Improper Authentication vulnerability in Isygen COM Icrmbasic 1.4.2.31

A certain interface in the iCRM Basic (com_icrmbasic) component 1.4.2.31 for Joomla! does not require administrative authentication, which has unspecified impact and remote attack vectors.

7.5
2009-09-30 CVE-2009-3480 Isygen/Joomla SQL Injection vulnerability in Isygen Icrm Basic 1.4.2.31

SQL injection vulnerability in the iCRM Basic (com_icrmbasic) component 1.4.2.31 for Joomla! allows remote attackers to execute arbitrary SQL commands via the p3 parameter to index.php.

7.5
2009-09-29 CVE-2009-3475 Internet2 Cryptographic Issues vulnerability in Internet2 Shibboleth-Sp

Internet2 Shibboleth Service Provider software 1.3.x before 1.3.3 and 2.x before 2.2.1, when using PKIX trust validation, does not properly handle a '\0' character in the subject or subjectAltName fields of a certificate, which allows remote man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

7.5
2009-09-29 CVE-2009-3474 Internet2 Cryptographic Issues vulnerability in Internet2 Opensaml, Shibboleth-Sp and Xmltooling

OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element's Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is designated for just one purpose, potentially weakening the intended security application of the certificate.

7.5
2009-09-29 CVE-2009-3471 IBM Remote Security vulnerability in IBM DB2 8.0/9.1/9.5

IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP2 does not perform the expected drops of certain table functions upon a loss of privileges by the functions' definers, which has unspecified impact and remote attack vectors.

7.5
2009-09-29 CVE-2009-3456 Google Cryptographic Issues vulnerability in Google Chrome

Google Chrome, possibly 3.0.195.21 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

7.5
2009-09-29 CVE-2009-3455 Apple Cryptographic Issues vulnerability in Apple Safari

Apple Safari, possibly before 4.0.3, on Mac OS X does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

7.5
2009-09-28 CVE-2009-3446 Rick Estrada/Joomla SQL Injection vulnerability in Rick Estrada COM Mytube 1.0Beta

SQL injection vulnerability in the MyRemote Video Gallery (com_mytube) component 1.0 Beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a videos action to index.php.

7.5
2009-09-28 CVE-2009-3443 Fastballproductions/Joomla SQL Injection vulnerability in Fastballproductions COM Fastball 1.1.0/1.2

SQL injection vulnerability in the Fastball (com_fastball) component 1.1.0 through 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the league parameter to index.php.

7.5
2009-09-28 CVE-2009-3438 Witchakorn Kamolpornwijit/Joomla SQL Injection vulnerability in Witchakorn Kamolpornwijit COM Facebook

SQL injection vulnerability in the JoomlaFacebook (com_facebook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a student action to index.php.

7.5
2009-09-28 CVE-2009-3436 Maxwebportal SQL Injection vulnerability in Maxwebportal

Multiple SQL injection vulnerabilities in forum.asp in MaxWebPortal allow remote attackers to execute arbitrary SQL commands via the (1) FORUM_ID or (2) CAT_ID parameter.

7.5
2009-09-28 CVE-2009-3434 Onestopjoomla/Joomla/Mambo SQL Injection vulnerability in Onestopjoomla COM Tupinambis 1.0

SQL injection vulnerability in the Tupinambis (com_tupinambis) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the proyecto parameter in a verproyecto action to index.php.

7.5
2009-10-01 CVE-2009-3524 Avast Unspecified vulnerability in Avast Antivirus Home and Avast Antivirus Professional

Unspecified vulnerability in ashWsFtr.dll in avast! Home and Professional for Windows before 4.8.1356 has unknown impact and local attack vectors.

7.2
2009-10-01 CVE-2009-3522 Avast Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Avast Antivirus Home and Avast Antivirus Professional

Stack-based buffer overflow in aswMon2.sys in avast! Home and Professional for Windows 4.8.1351, and possibly other versions before 4.8.1356, allows local users to cause a denial of service (system crash) and possibly gain privileges via a crafted IOCTL request to IOCTL 0xb2c80018.

7.2
2009-10-01 CVE-2009-3516 IBM Credentials Management vulnerability in IBM AIX

gssd in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly handle the NFSv4 Kerberos credential cache, which allows local users to bypass intended access restrictions for Kerberized NFSv4 shares via unspecified vectors.

7.2
2009-09-28 CVE-2009-3433 SUN Local Privilege Escalation vulnerability in SUN Cluster 3.2

Unspecified vulnerability in clsetup in the configuration utility in Sun Solaris Cluster 3.2 allows local users to gain privileges via unknown vectors.

7.2
2009-09-29 CVE-2009-2683 HP Unspecified vulnerability in HP Remote Graphics Software

Unspecified vulnerability in the Sender module in HP Remote Graphics Software (RGS) 5.1.3 through 5.2.6 allows remote authenticated users to execute arbitrary code via unknown vectors.

7.1
2009-09-28 CVE-2009-2873 Cisco Unspecified vulnerability in Cisco IOS

Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco Express Forwarding feature are enabled, allows remote attackers to cause a denial of service (device reload) via malformed packets, aka Bug ID CSCsx70889.

7.1
2009-09-28 CVE-2009-2863 Cisco Improper Authentication vulnerability in Cisco IOS

Race condition in the Firewall Authentication Proxy feature in Cisco IOS 12.0 through 12.4 allows remote attackers to bypass authentication, or bypass the consent web page, via a crafted request, aka Bug ID CSCsy15227.

7.1

50 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-10-01 CVE-2009-3523 Avast Improper Input Validation vulnerability in Avast Antivirus Home and Avast Antivirus Professional

aavmKer4.sys in avast! Home and Professional for Windows before 4.8.1356 does not properly validate input to IOCTLs (1) 0xb2d6000c and (2) 0xb2d60034, which allows local users to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption, a different vulnerability than CVE-2008-1625.

6.9
2009-10-01 CVE-2009-2904 Openbsd/Fedoraproject/Redhat Configuration vulnerability in Openbsd Openssh 4.3/4.8

A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership.

6.9
2009-09-29 CVE-2009-3468 SUN Local Privilege Escalation vulnerability in SUN Solaris 10.0

Multiple unspecified vulnerabilities in Common Desktop Environment (CDE) in Sun Solaris 10, when Trusted Extensions is enabled, allow local users to execute arbitrary commands or bypass the Mandatory Access Control (MAC) policy via unknown vectors, related to a menu typo and the Style Manager.

6.9
2009-10-02 CVE-2009-3534 Lionwiki Path Traversal vulnerability in Lionwiki 3.0.3

Directory traversal vulnerability in index.php in LionWiki 3.0.3, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a ..

6.8
2009-10-02 CVE-2009-3529 Radscripts SQL Injection vulnerability in Radscripts Radbids 4

SQL injection vulnerability in index.php in RadScripts RadBids Gold 4 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action, a different vector than CVE-2005-1074.

6.8
2009-09-30 CVE-2009-3498 Hbcms SQL Injection vulnerability in Hbcms 1.7

SQL injection vulnerability in php/update_article_hits.php in HBcms 1.7 allows remote attackers to execute arbitrary SQL commands via the article_id parameter.

6.8
2009-09-30 CVE-2009-3494 Todor Lazarov SQL Injection vulnerability in Todor Lazarov T-Htb Manager 0.5

Multiple SQL injection vulnerabilities in index.php in T-HTB Manager 0.5, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in a delete_category action, (2) the name parameter in an update_category action, and other vectors.

6.8
2009-09-30 CVE-2009-3490 GNU Cryptographic Issues vulnerability in GNU Wget

GNU Wget before 1.12 does not properly handle a '\0' character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

6.8
2009-09-29 CVE-2009-3477 RIM Cryptographic Issues vulnerability in RIM Blackberry Device Software

The Blackberry Browser in RIM BlackBerry Device Software 4.5.0 before 4.5.0.173, 4.6.0 before 4.6.0.303, 4.6.1 before 4.6.1.309, 4.7.0 before 4.7.0.179, and 4.7.1 before 4.7.1.57 does not properly handle "hidden" characters including a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows remote man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

6.8
2009-09-29 CVE-2009-2681 HP/Microsoft Privilege Escalation vulnerability in HP ProCurve Identity Driven Manager (IDM)

Unspecified vulnerability in HP ProCurve Identity Driven Manager (IDM) A.02.x through A.02.03 and A.03.x through A.03.00, on Windows Server 2003 with IAS and Windows Server 2008 with NPS, allows local users to gain privileges via unknown vectors.

6.8
2009-09-29 CVE-2009-3447 Radactive Race Condition vulnerability in Radactive I-Load

Unrestricted file upload vulnerability in RADactive I-Load before 2008.2.5.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, and then sending a request for a predictable filename during a short time window.

6.8
2009-09-28 CVE-2009-2872 Cisco Unspecified vulnerability in Cisco IOS

Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco Express Forwarding feature are enabled, allows remote attackers to cause a denial of service (device reload) via a malformed packet that is not properly handled during switching from one tunnel to a second tunnel, aka Bug IDs CSCsh97579 and CSCsq31776.

6.8
2009-10-02 CVE-2009-3528 Al4Us SQL Injection vulnerability in Al4Us Mymsg 1.0.3

SQL injection vulnerability in Profile.php in MyMsg 1.0.3 allows remote authenticated users to execute arbitrary SQL commands via the uid parameter in a show action.

6.5
2009-10-01 CVE-2009-3515 Marcin Manek Path Traversal vulnerability in Marcin Manek D.Net CMS

Directory traversal vulnerability in dnet_admin/index.php in d.net CMS allows remote authenticated administrators to include and execute arbitrary local files via a ..

6.5
2009-10-01 CVE-2009-3514 Marcin Manek SQL Injection vulnerability in Marcin Manek D.Net CMS

Multiple SQL injection vulnerabilities in d.net CMS allow remote attackers to execute arbitrary SQL commands via (1) the page parameter to index.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (2) edit_id and (3) _p parameter in a news action to dnet_admin/index.php.

6.5
2009-09-29 CVE-2009-3472 IBM Permissions, Privileges, and Access Controls vulnerability in IBM DB2 8.0/9.1/9.5

IBM DB2 8 before FP18, 9.1 before FP8, and 9.5 before FP4 allows remote authenticated users to bypass intended access restrictions, and update, insert, or delete table rows, via unspecified vectors.

6.5
2009-09-28 CVE-2009-3439 Alienvault SQL Injection vulnerability in Alienvault Ossim 1.0.4/1.0.6/2.1

Multiple SQL injection vulnerabilities in Open Source Security Information Management (OSSIM) before 2.1.2 allow remote authenticated users to execute arbitrary SQL commands via the id_document parameter to (1) repository_document.php, (2) repository_links.php, and (3) repository_editdocument.php in repository/; the (4) group parameter to policy/getpolicy.php; the name parameter to (5) host/newhostgroupform.php and (6) net/modifynetform.php; and unspecified other vectors related to the policy menu.

6.5
2009-10-01 CVE-2009-0209 Osisoft Cryptographic Issues vulnerability in Osisoft PI Server

PI Server in OSIsoft PI System before 3.4.380.x does not properly use encryption in the default authentication process, which allows remote attackers to read or modify information in databases via unspecified vectors.

6.4
2009-10-01 CVE-2009-3508 Fcgphilipp Path Traversal vulnerability in Fcgphilipp Mujecms 1.0.4.34

Multiple directory traversal vulnerabilities in MUJE CMS 1.0.4.34 allow remote attackers to include and execute arbitrary local files via a ..

6.0
2009-09-29 CVE-2009-3470 IBM Resource Management Errors vulnerability in IBM Informix Dynamic Server

IBM Informix Dynamic Server (IDS) 10.00 before 10.00.xC11, 11.10 before 11.10.xC4, and 11.50 before 11.50.xC5 allows remote attackers to cause a denial of service (memory corruption, assertion failure, and daemon crash) by sending a long password over a JDBC connection.

5.0
2009-09-29 CVE-2009-3457 Cisco Information Exposure vulnerability in Cisco ACE web Application Firewall and ACE XML Gateway

Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) before 6.1 allow remote attackers to obtain sensitive information via an HTTP request that lacks a handler, as demonstrated by (1) an OPTIONS request or (2) a crafted GET request, leading to a Message-handling Errors message containing a certain client intranet IP address, aka Bug ID CSCtb82159.

5.0
2009-09-29 CVE-2009-3452 Radactive Information Exposure vulnerability in Radactive I-Load

WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allows remote attackers to obtain sensitive information via unspecified requests that trigger responses containing the saved-image folder pathname.

5.0
2009-09-29 CVE-2009-3451 Radactive Path Traversal vulnerability in Radactive I-Load

Directory traversal vulnerability in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allows remote attackers to read arbitrary files via unspecified vectors.

5.0
2009-09-28 CVE-2009-3445 Code Crafters Remote Denial Of Service vulnerability in Code-Crafters Ability Mail Server IMAP FETCH Request

Unspecified vulnerability in Code-Crafters Ability Mail Server before 2.70 allows remote attackers to cause a denial of service (daemon crash) via an IMAP4 FETCH command.

5.0
2009-09-28 CVE-2009-3442 Drupal/Ariel Barreiro Permissions, Privileges, and Access Controls vulnerability in Ariel Barreiro Meta Tags

The Meta tags (aka Nodewords) module before 6.x-1.1 for Drupal does not properly follow permissions during assignment of node meta tags, which allows remote attackers to obtain sensitive information via unspecified vectors.

5.0
2009-09-28 CVE-2009-3441 Alienvault Improper Authentication vulnerability in Alienvault Ossim 1.0.4/1.0.6

Open Source Security Information Management (OSSIM) before 2.1.2 allows remote attackers to bypass authentication, and read graphs or infrastructure information, via a direct request to (1) graphs/alarms_events.php or (2) host/draw_tree.php.

5.0
2009-10-01 CVE-2009-3519 Oracle Missing Release of Resource after Effective Lifetime vulnerability in Oracle Opensolaris and Solaris

Multiple memory leaks in the IP module in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_109, allow local users to cause a denial of service (memory consumption) via vectors related to (1) M_DATA, (2) M_PROTO, (3) M_PCPROTO, and (4) M_SIG STREAMS messages.

4.9
2009-09-29 CVE-2009-2905 Fedorahosted Buffer Errors vulnerability in Fedorahosted Newt 0.51.5/0.51.6/0.52.2

Heap-based buffer overflow in textbox.c in newt 0.51.5, 0.51.6, and 0.52.2 allows local users to cause a denial of service (application crash) or possibly execute arbitrary code via a request to display a crafted text dialog box.

4.6
2009-10-02 CVE-2009-3540 Yourfreeworld Cross-Site Scripting vulnerability in Yourfreeworld Ultra Classifieds PRO

Cross-site scripting (XSS) vulnerability in listads.php in YourFreeWorld Ultra Classifieds Pro allows remote attackers to inject arbitrary web script or HTML via the cn parameter.

4.3
2009-10-02 CVE-2009-3539 Yourfreeworld Cross-Site Scripting vulnerability in Yourfreeworld Ultra Classifieds PRO

Multiple cross-site scripting (XSS) vulnerabilities in YourFreeWorld Ultra Classifieds Pro allow remote attackers to inject arbitrary web script or HTML via the (1) cname parameter to subclass.php and the (2) sn parameter to listads.php.

4.3
2009-10-02 CVE-2009-3535 Allisclear Path Traversal vulnerability in Allisclear Clear Content 1.1

Directory traversal vulnerability in image.php in Clear Content 1.1 allows remote attackers to read arbitrary files via a ..

4.3
2009-10-02 CVE-2009-3530 Radscripts Cross-Site Scripting vulnerability in Radscripts Radbids 4

Cross-site scripting (XSS) vulnerability in storefront.php in RadScripts RadBids Gold 4 allows remote attackers to inject arbitrary web script or HTML via the mode parameter.

4.3
2009-10-01 CVE-2009-3521 IBM Cross-Site Scripting vulnerability in IBM Tivoli Composite Application Manager for WebSphere 6.1.0

Multiple cross-site scripting (XSS) vulnerabilities in the Visualization Engine (VE) in IBM Tivoli Composite Application Manager for WebSphere (ITCAM) 6.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-10-01 CVE-2009-3513 Pilotgroup Cross-Site Scripting vulnerability in Pilotgroup PG Etraining

Multiple cross-site scripting (XSS) vulnerabilities in Pilot Group (PG) eTraining allow remote attackers to inject arbitrary web script or HTML via (1) the cat_id parameter to courses_login.php, the id parameter to (2) news_read.php or (3) lessons_login.php, or (4) the cur parameter in a start action to lessons_login.php.

4.3
2009-10-01 CVE-2009-3512 Phplemon Cross-Site Scripting vulnerability in PHPlemon Myweight 1.0

Multiple cross-site scripting (XSS) vulnerabilities in MyWeight 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date parameter to user_addfood.php, info parameter to (2) user_forgot_pwd_form.php and (3) user_login.php, and (4) return parameter to user_login.php.

4.3
2009-10-01 CVE-2009-3509 CJ Design Cross-Site Scripting vulnerability in Cj-Design CJ Dynamic Poll 2.0

Cross-site scripting (XSS) vulnerability in admin/admin_index.php in CJ Dynamic Poll PRO 2.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

4.3
2009-10-01 CVE-2009-3506 Jean Michel Wyttenbach Cross-Site Scripting vulnerability in Jean-Michel Wyttenbach Cmsphp 0.21

Multiple cross-site scripting (XSS) vulnerabilities in CMSphp 0.21 allow remote attackers to inject arbitrary web script or HTML via the (1) cook_user parameter to index.php and the (2) name parameter to modules.php.

4.3
2009-09-30 CVE-2009-3496 Vastal Cross-Site Scripting vulnerability in Vastal DVD Zone

Cross-site scripting (XSS) vulnerability in view_mag.php in Vastal I-Tech DVD Zone allows remote attackers to inject arbitrary web script or HTML via the mag_id parameter.

4.3
2009-09-30 CVE-2009-3493 Zenas Cross-Site Scripting vulnerability in Zenas Paobacheca Guestbook 2.1

Multiple cross-site scripting (XSS) vulnerabilities in Zenas PaoBacheca Guestbook 2.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) scrivi.php and (2) index.php.

4.3
2009-09-30 CVE-2009-3485 Juniper Cross-Site Scripting vulnerability in Juniper Junos 8.5/9.0

Cross-site scripting (XSS) vulnerability in the J-Web interface in Juniper JUNOS 8.5R1.14 and 9.0R1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI.

4.3
2009-09-30 CVE-2009-3479 Drupal, RON Jerome Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in Bibliography (Biblio) 5.x before 5.x-1.17 and 6.x before 6.x-1.6, a module for Drupal, allows remote attackers, with "create content displayed by the Bibliography module" permissions, to inject arbitrary web script or HTML via a title.

4.3
2009-09-29 CVE-2009-3469 IBM Cross-Site Scripting vulnerability in IBM Lotus Connections 2.0.1

Cross-site scripting (XSS) vulnerability in profiles/html/simpleSearch.do in IBM Lotus Connections 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter.

4.3
2009-09-29 CVE-2009-3453 IBM Cross-Site Scripting vulnerability in IBM Lotus Quickr 8.1.0

Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quickr 8.1.0 services for WebSphere Portal allow remote attackers to inject arbitrary web script or HTML via the filename of a .odt file in a Lotus Quickr place, related to the Library template.

4.3
2009-09-29 CVE-2009-3450 Radactive Cross-Site Scripting vulnerability in Radactive I-Load

Multiple cross-site scripting (XSS) vulnerabilities in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allow remote attackers to inject arbitrary web script or HTML via parameters with names beginning with __ (underscore underscore) sequences, which are incompatible with an XSS protection mechanism provided by Microsoft ASP.NET.

4.3
2009-09-29 CVE-2009-3449 Collectorz Unspecified vulnerability in Collectorz MP3 Collector 2.3

MP3 Collector 2.3 allows remote attackers to cause a denial of service (application crash) via a long URL in a .m3u playlist file.

4.3
2009-09-28 CVE-2009-3444 E107 Cross-Site Scripting vulnerability in E107

Cross-site scripting (XSS) vulnerability in email.php in e107 0.7.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header in a news.1 (aka news to email) action.

4.3
2009-09-28 CVE-2009-3440 Alienvault Cross-Site Scripting vulnerability in Alienvault Ossim 1.0.4/1.0.6

Cross-site scripting (XSS) vulnerability in Open Source Security Information Management (OSSIM) before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the option parameter to the default URI (aka the main menu).

4.3
2009-09-28 CVE-2009-3437 Henriksjokvist, Drupal Cross-Site Scripting vulnerability in Henriksjokvist Markdown Preview 6.X

Cross-site scripting (XSS) vulnerability in the live preview feature in the Markdown Preview module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via "Markdown input."

4.3
2009-09-28 CVE-2009-3435 Moshe Weitzman, Drupal Cross-Site Scripting vulnerability in Moshe Weitzman Devel

Cross-site scripting (XSS) vulnerability in the variable editor in the Devel module 5.x before 5.x-1.2 and 6.x before 6.x-1.18, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a variable name.

4.3
2009-09-28 CVE-2009-2862 Cisco Unspecified vulnerability in Cisco IOS

The Object Groups for Access Control Lists (ACLs) feature in Cisco IOS 12.2XNB, 12.2XNC, 12.2XND, 12.4MD, 12.4T, 12.4XZ, and 12.4YA allows remote attackers to bypass intended access restrictions via crafted requests, aka Bug IDs CSCsx07114, CSCsu70214, CSCsw47076, CSCsv48603, CSCsy54122, and CSCsu50252.

4.3

4 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-09-30 CVE-2009-3487 Juniper Cross-Site Scripting vulnerability in Juniper Junos 8.5

Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via (1) the JEXEC_OUTID parameter in a JEXEC_MODE_RELAY_OUTPUT action to the jexec program; the (2) act, (3) refresh-time, or (4) ifid parameter to scripter.php; (5) the revision parameter in a rollback action to the configuration program; the m[] parameter to the (6) monitor, (7) manage, (8) events, (9) configuration, or (10) alarms program; (11) the m[] parameter to the default URI; (12) the m[] parameter in a browse action to the default URI; (13) the wizard-next parameter in an https action to the configuration program; or the (14) Contact Information, (15) System Description, (16) Local Engine ID, (17) System Location, or (18) System Name Override SNMP parameter, related to the configuration program.

3.5
2009-09-30 CVE-2009-3486 Juniper Cross-Site Scripting vulnerability in Juniper Junos 8.5

Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via the host parameter to (1) the pinghost program, reachable through the diagnose program; or (2) the traceroute program, reachable through the diagnose program; or (3) the probe-limit parameter to the configuration program; the (4) wizard-ids or (5) pager-new-identifier parameter in a firewall-filters action to the configuration program; (6) the cos-physical-interface-name parameter in a cos-physical-interfaces-edit action to the configuration program; the (7) wizard-args or (8) wizard-ids parameter in an snmp action to the configuration program; the (9) username or (10) fullname parameter in a users action to the configuration program; or the (11) certname or (12) certbody parameter in a local-cert (aka https) action to the configuration program.

3.5
2009-09-30 CVE-2009-3488 Drupal, RON Jerome Cross-Site Scripting vulnerability in RON Jerome Bibliography 6.X1.6

Cross-site scripting (XSS) vulnerability in the Bibliography (aka Biblio) module 6.x-1.6 for Drupal allows remote authenticated users, with certain content-creation privileges, to inject arbitrary web script or HTML via the Title field, probably a different vulnerability than CVE-2009-3479.

2.1
2009-09-28 CVE-2009-3432 SUN Local Information Disclosure vulnerability in SUN Opensolaris and Solaris

Unspecified vulnerability in xscreensaver in Sun Solaris 10, and OpenSolaris before snv_112, when Xorg or Xnewt is used and RandR is enabled, allows physically proximate attackers to read a locked screen via unknown vectors related to XRandR resize events.

1.9