Weekly Vulnerabilities Reports > October 5 to 11, 2009

Overview

62 new vulnerabilities were reported during this period, including 9 critical vulnerabilities and 13 high severity vulnerabilities. This weekly summary reports vulnerabilities in 60 products from 57 vendors, including Drupal, Joomla, Nullam, Freewebscriptz, and Xerver. The vulnerabilities fall notably into the categories "Cross-site Scripting", "SQL Injection", "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Information Exposure".

  • 56 reported vulnerabilities are remotely exploitable.
  • 20 reported vulnerabilities have a public exploit available.
  • 31 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 57 reported vulnerabilities are exploitable by an anonymous user.
  • Drupal has the most reported vulnerabilities, with 9 reported vulnerabilities.
  • Openoffice has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

Summary table columns (the counts themselves were not preserved in this extraction): total vulnerabilities; critical risk vulnerabilities; high risk vulnerabilities; medium risk vulnerabilities; low risk vulnerabilities; remotely exploitable; locally exploitable; exploit available; exploitable anonymously; affecting web application.

Vulnerability Details

The following tables list the reported vulnerabilities for the period covered by this report, grouped by severity:


9 Critical Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2009-10-11 | CVE-2009-3663 | Jasper | Use of Externally-Controlled Format String vulnerability in Jasper Httpdx 1.4 | 10.0
  Format string vulnerability in the h_readrequest function in http.c in httpdx Web Server 1.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in the Host header.

2009-10-07 | CVE-2009-3575 | Tatsuhiro Tsujikawa | Buffer Overflow vulnerability in aria2 'DHTRoutingTableDeserializer::deserialize()' | 10.0
  Buffer overflow in DHTRoutingTableDeserializer.cc in aria2 0.15.3, 1.2.0, and other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.

2009-10-06 | CVE-2009-3570 | Openoffice | Remote Security vulnerability in OpenOffice | 10.0
  Unspecified vulnerability in OpenOffice.org (OOo) has unspecified impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.9.

2009-10-11 | CVE-2009-3670 | Ksplayer | Buffer Errors vulnerability in Ksplayer KSP Sound Player 2009 | 9.3
  Stack-based buffer overflow in KSP Sound Player 2009 R2 and R2.1 allows remote attackers to execute arbitrary code via a long string in a .m3u playlist file.

2009-10-09 | CVE-2009-3658 | AOL | Resource Management Errors vulnerability in AOL products | 9.3
  Use-after-free vulnerability in the Sb.SuperBuddy.1 ActiveX control (sb.dll) in America Online (AOL) 9.5.0.1 allows remote attackers to trigger memory corruption or possibly execute arbitrary code via a malformed argument to the SetSuperBuddy method.

2009-10-06 | CVE-2009-3574 | Tony Million | Buffer Errors vulnerability in Tony Million Tuniac 090517C | 9.3
  Tuniac 090517c allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long File1 argument in a .pls playlist file, possibly a buffer overflow.

2009-10-06 | CVE-2009-3573 | EMC | Insecure Method vulnerability in EMC Captiva Pixtools Distributed Imaging 2.2 | 9.3
  Multiple insecure method vulnerabilities in the PDIControl.PDI.1 ActiveX control (PDIControl.dll) 2.2.3160.0 in EMC Captiva PixTools Distributed Imaging 2.2 allow remote attackers to create or overwrite arbitrary files via the (1) SetLogFileName and (2) WriteToLog methods.

2009-10-06 | CVE-2009-3571 | Openoffice | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Openoffice Openoffice.Org | 9.3
  Unspecified vulnerability in OpenOffice.org (OOo) has unknown impact and client-side attack vector, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, aka "Client-side exploit." NOTE: as of 20091005, this disclosure has no actionable information.

2009-10-06 | CVE-2009-3569 | Apache | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apache Openoffice.Org | 9.3
  Stack-based buffer overflow in OpenOffice.org (OOo) allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, aka "Client-side stack overflow exploit." NOTE: as of 20091005, this disclosure has no actionable information.

13 High Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2009-10-05 | CVE-2009-2679 | HP | Remote Denial Of Service vulnerability in HP Hp-Ux B.11.11/B.11.23/B.11.31 | 7.8
  Unspecified vulnerability in bootpd in HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause a denial of service via unknown attack vectors.

2009-10-11 | CVE-2009-3669 | Foobla, Joomla | SQL Injection vulnerability in Foobla COM Foobla Suggestions 1.5.11 | 7.5
  SQL injection vulnerability in the foobla Suggestions (com_foobla_suggestions) component 1.5.11 for Joomla! allows remote attackers to execute arbitrary SQL commands via the idea_id parameter to index.php.

2009-10-11 | CVE-2009-3667 | Adsdx | SQL Injection vulnerability in Adsdx 3.05 | 7.5
  SQL injection vulnerability in admin/index.php in AdsDX 3.05 allows remote attackers to execute arbitrary SQL commands via the Username.

2009-10-11 | CVE-2009-3665 | Nullam | SQL Injection vulnerability in Nullam Blog 0.1.2 | 7.5
  Multiple SQL injection vulnerabilities in index.php in Nullam Blog 0.1.2 allow remote attackers to execute arbitrary SQL commands via the (1) i parameter or (2) v parameters in a register action.

2009-10-11 | CVE-2009-3664 | Nullam | Path Traversal vulnerability in Nullam Blog 0.1.2 | 7.5
  Multiple directory traversal vulnerabilities in index.php in Nullam Blog 0.1.2 allow remote attackers to include or execute arbitrary files via a ..

2009-10-11 | CVE-2009-3659 | Stanback | SQL Injection vulnerability in Stanback BS Counter 2.5.3 | 7.5
  SQL injection vulnerability in file/stats.php in BS Counter 2.5.3 allows remote attackers to execute arbitrary SQL commands via the page parameter.

2009-10-09 | CVE-2009-3645 | Joomla, Joomlacache | SQL Injection vulnerability in Joomlacache COM Cbresumebuilder | 7.5
  SQL injection vulnerability in the JoomlaCache CB Resume Builder (com_cbresumebuilder) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the group_id parameter in a group_members action to index.php.

2009-10-09 | CVE-2009-3644 | Joomla, Soundset | SQL Injection vulnerability in Soundset COM Soundset 1.0 | 7.5
  SQL injection vulnerability in the Soundset (com_soundset) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to index.php.

2009-10-09 | CVE-2009-3642 | Frontrange | SQL Injection vulnerability in Frontrange Heat 8.01 | 7.5
  Multiple SQL injection vulnerabilities in the Call Logging feature in FrontRange HEAT 8.01 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.

2009-10-08 | CVE-2009-3596 | Joxtechnology | Permissions, Privileges, and Access Controls vulnerability in Joxtechnology Ajox Poll | 7.5
  JoxTechnology Ajox Poll does not properly restrict access to admin/managepoll.php, which allows remote attackers to bypass authentication and gain administrative access via a direct request.

2009-10-08 | CVE-2009-3595 | Vspanel | SQL Injection vulnerability in Vspanel VS Panel 7.5.5 | 7.5
  SQL injection vulnerability in results.php in VS PANEL 7.5.5 allows remote attackers to execute arbitrary SQL commands via the Cat_ID parameter, a different vector than CVE-2009-3590.

2009-10-08 | CVE-2009-3590 | Vspanel | SQL Injection vulnerability in Vspanel VS Panel 7.3.6 | 7.5
  SQL injection vulnerability in showcat.php in VS PANEL 7.3.6 allows remote attackers to execute arbitrary SQL commands via the Cat_ID parameter.

2009-10-05 | CVE-2009-3525 | XEN | Permissions, Privileges, and Access Controls vulnerability in XEN 3.0.3/3.3.0/3.3.1 | 7.2
  The pyGrub boot loader in Xen 3.0.3, 3.3.0, and 3.3.1 does not support the password option in grub.conf for para-virtualized guests, which allows attackers with access to the para-virtualized guest console to boot the guest or modify the guest's kernel boot parameters without providing the expected password.

35 Medium Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2009-10-06 | CVE-2009-3527 | Freebsd | Race Condition vulnerability in Freebsd 6.3/6.4 | 6.9
  Race condition in the Pipe (IPC) close function in FreeBSD 6.3 and 6.4 allows local users to cause a denial of service (crash) or gain privileges via vectors related to kqueues, which triggers a use after free, leading to a NULL pointer dereference or memory corruption.

2009-10-11 | CVE-2009-3661 | Blueconstantmedia, Joomla | SQL Injection vulnerability in Blueconstantmedia COM Djcatalog | 6.8
  Multiple SQL injection vulnerabilities in the DJ-Catalog (com_djcatalog) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a showItem action and (2) cid parameter in a show action to index.php.

2009-10-11 | CVE-2009-3660 | Efrontlearning | Code Injection vulnerability in Efrontlearning Efront | 6.8
  PHP remote file inclusion vulnerability in libraries/database.php in Efront 3.5.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.

2009-10-09 | CVE-2009-3656 | Drupal, TIM Nelson | Cross-Site Request Forgery (CSRF) vulnerability in TIM Nelson Shared Sign-On 5.X/6.X | 6.8
  Cross-site request forgery (CSRF) vulnerability in Shared Sign-On 5.x and 6.x, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users via unknown vectors.

2009-10-09 | CVE-2009-3654 | 316Solutions, Drupal | Unspecified vulnerability in 316Solutions Boost | 6.4
  Unspecified vulnerability in Boost before 6.x-1.03, a module for Drupal, allows remote attackers to create new webroot directories via unknown attack vectors.

2009-10-09 | CVE-2009-3657 | TIM Nelson, Drupal | Improper Authentication vulnerability in TIM Nelson Shared Sign-On 5.X/6.X | 5.8
  Session fixation vulnerability in Shared Sign-On 5.x and 6.x, a module for Drupal, allows remote attackers to hijack web sessions via unspecified vectors.

2009-10-11 | CVE-2009-3662 | Filecopa Ftpserver | Denial Of Service vulnerability in Filecopa-Ftpserver FTP Server 5.01 | 5.0
  FileCopa FTP Server 5.01 allows remote attackers to cause a denial of service (server hang) via a large number of crafted NOOP commands.

2009-10-09 | CVE-2009-3655 | Solarwinds | Denial-Of-Service vulnerability in Serv-U | 5.0
  Rhino Software Serv-U 7.0.0.1 through 8.2.0.3 allows remote attackers to cause a denial of service (server crash) via unspecified vectors related to the "SITE SET TRANSFERPROGRESS ON" FTP command.

2009-10-09 | CVE-2009-3646 | Intervations | Information Exposure vulnerability in Intervations Navicopa web Server 3.01 | 5.0
  InterVations NaviCOPA Web Server 3.01 allows remote attackers to obtain the source code for a web page via an HTTP request with the addition of ::$DATA after the HTML file name.

2009-10-09 | CVE-2009-3643 | Dxmsoft | Denial-Of-Service vulnerability in Dxmsoft XM Easy Personal FTP Server 5.8.0 | 5.0
  Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote attackers to cause a denial of service via a long argument to the (1) LIST and (2) NLST commands, a different issue than CVE-2008-5626 and CVE-2006-5728.

2009-10-08 | CVE-2009-3600 | Freewebscriptz | Information Exposure vulnerability in Freewebscriptz Hubscript 1.0 | 5.0
  HUBScript 1.0 allows remote attackers to obtain configuration information via a direct request to manage/phpinfo.php, which calls the phpinfo function.

2009-10-08 | CVE-2009-3597 | Digitaldesign | Permissions, Privileges, and Access Controls vulnerability in Digitaldesign Ddcms 0.1 | 5.0
  Digitaldesign CMS 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for autoconfig.dd.

2009-10-08 | CVE-2009-3591 | BEN Webb | Improper Input Validation vulnerability in BEN Webb Dopewars 1.5.12 | 5.0
  Dopewars 1.5.12 allows remote attackers to cause a denial of service (segmentation fault) via a REQUESTJET message with an invalid location.

2009-10-06 | CVE-2009-3568 | Drupal, Dave Reid, Gabor Hojtsy | Permissions, Privileges, and Access Controls vulnerability in multiple products | 5.0
  Comment RSS 5.x before 5.x-2.2 and 6.x before 6.x-2.2, a module for Drupal, does not properly enforce permissions when a link is added to the RSS feed, which allows remote attackers to obtain the node title and possibly other sensitive content by reading the feed.

2009-10-05 | CVE-2009-3561 | Xerver | Path Traversal vulnerability in Xerver 4.32 | 5.0
  Directory traversal vulnerability in Xerver HTTP Server 4.32 allows remote attackers to read arbitrary files via a full pathname with a drive letter in the currentPath parameter in a chooseDirectory action.

2009-10-05 | CVE-2009-3544 | Xerver | Information Exposure vulnerability in Xerver 4.32 | 5.0
  Xerver HTTP Server 4.32 allows remote attackers to obtain the source code for a web page via an HTTP request with the addition of ::$DATA after the HTML file name.

2009-10-06 | CVE-2009-3572 | Openbsd | Local Denial of Service vulnerability in Openbsd 4.4/4.5/4.6 | 4.9
  OpenBSD 4.4, 4.5, and 4.6, when running on an i386 kernel, does not properly handle XMM exceptions, which allows local users to cause a denial of service (kernel panic) via unspecified vectors.

2009-10-06 | CVE-2009-3564 | Reductivelabs, Centos, Fedoraproject | Permissions, Privileges, and Access Controls vulnerability in Reductivelabs Puppet 0.24.6 | 4.7
  puppetmasterd in puppet 0.24.6 does not reset supplementary groups when it switches to a different user, which might allow local users to access restricted files.

2009-10-08 | CVE-2009-3589 | Inotify | Permissions, Privileges, and Access Controls vulnerability in Inotify Incron 0.5.5 | 4.6
  incron 0.5.5 does not initialize supplementary groups when running a process from a user's incrontabs, which causes the process to be run with the incrond supplementary groups and allows local users to gain privileges via an incrontab table.

2009-10-11 | CVE-2009-3668 | Promosi WEB | Cross-Site Scripting vulnerability in Promosi-Web Ardguest 1.8 | 4.3
  Cross-site scripting (XSS) vulnerability in ardguest.php in Ardguest 1.8 allows remote attackers to inject arbitrary web script or HTML via the page parameter.

2009-10-11 | CVE-2009-3666 | Nullam | Cross-Site Scripting vulnerability in Nullam Blog 0.1.2 | 4.3
  Cross-site scripting (XSS) vulnerability in index.php in Nullam Blog 0.1.2 allows remote attackers to inject arbitrary web script or HTML via the e parameter in an error action.

2009-10-09 | CVE-2009-3651 | Mikeryan, Drupal | Cross-Site Scripting vulnerability in Mikeryan Browscap | 4.3
  Cross-site scripting (XSS) vulnerability in the "Monitor browsers" feature in Browscap before 5.x-1.1 and 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.

2009-10-09 | CVE-2009-3650 | David Strauss, Drupal | Cross-Site Scripting vulnerability in David Strauss DEX 6.X1.0 | 4.3
  Cross-site scripting (XSS) vulnerability in Dex 5.x-1.0 and earlier and 6.x-1.0-rc1 and earlier, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

2009-10-09 | CVE-2009-3649 | Pbboard | Cross-Site Scripting vulnerability in Pbboard 2.0.2 | 4.3
  Cross-site scripting (XSS) vulnerability in forums/index.php in Power Bulletin Board (PBBoard) 2.0.2 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter in a new_topic action.

2009-10-09 | CVE-2009-3647 | Yabsoft | Cross-Site Scripting vulnerability in Yabsoft Mega File Hosting Script 1.2 | 4.3
  Cross-site scripting (XSS) vulnerability in emaullinks.php in YABSoft Mega File Hosting Script (aka MFH or MFHS) 1.2 allows remote attackers to inject arbitrary web script or HTML via the moudi parameter.

2009-10-08 | CVE-2009-3601 | Scriptsez | Cross-Site Scripting vulnerability in Scriptsez Ultimate Poll | 4.3
  Cross-site scripting (XSS) vulnerability in demo_page.php in Scriptsez Ultimate Poll allows remote attackers to inject arbitrary web script or HTML via the clr parameter in a vote action.

2009-10-08 | CVE-2009-3599 | Freewebscriptz | Cross-Site Scripting vulnerability in Freewebscriptz Hubscript 1.0 | 4.3
  Cross-site scripting (XSS) vulnerability in single_winner1.php in HUBScript 1.0 allows remote attackers to inject arbitrary web script or HTML via the bid_id parameter.

2009-10-08 | CVE-2009-3598 | Ecardmax COM | Cross-Site Scripting vulnerability in Ecardmax.Com Formxp 2007 | 4.3
  Cross-site scripting (XSS) vulnerability in survey_result.php in eCardMAX FormXP 2007 allows remote attackers to inject arbitrary web script or HTML via the sid parameter.

2009-10-08 | CVE-2009-3594 | Blob | Cross-Site Scripting vulnerability in Blob Blog System 1.0/1.1/1.1.1 | 4.3
  Cross-site scripting (XSS) vulnerability in bpost.php in BLOB Blog System before 1.2 allows remote attackers to inject arbitrary web script or HTML via the postid parameter.

2009-10-08 | CVE-2009-3593 | Freewebscriptz | Cross-Site Scripting vulnerability in Freewebscriptz Freelancers 1.0 | 4.3
  Multiple cross-site scripting (XSS) vulnerabilities in Freelancers 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to placebid.php and (2) jobid parameter to post_resume.php.

2009-10-08 | CVE-2009-3592 | Qtmsoft | Cross-Site Scripting vulnerability in Qtmsoft X-Cart | 4.3
  Cross-site scripting (XSS) vulnerability in customer/home.php in Qualiteam X-Cart allows remote attackers to inject arbitrary web script or HTML via the email parameter in a subscribed action, a different vector than CVE-2005-1823.

2009-10-07 | CVE-2009-3579 | Mortbay | Cross-Site Scripting vulnerability in Mortbay Jetty 6.1.19/6.1.20 | 4.3
  Cross-site scripting (XSS) vulnerability in the CookieDump.java sample application in Mort Bay Jetty 6.1.19 and 6.1.20 allows remote attackers to inject arbitrary web script or HTML via the Value parameter in a GET request to cookie/.

2009-10-06 | CVE-2009-3567 | Kayako | Cross-Site Scripting vulnerability in Kayako Esupport and Supportsuite | 4.3
  Cross-site scripting (XSS) vulnerability in modules/tickets/functions_ticketsui.php in Kayako SupportSuite and eSupport 3.60.04 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the staff control panel, a different vector than CVE-2007-1145.

2009-10-07 | CVE-2009-2906 | Samba | Remote Denial of Service vulnerability in Samba Oplock Break Notification | 4.0
  smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet.

2009-10-05 | CVE-2009-3545 | Datawizard | Improper Input Validation vulnerability in Datawizard Ftpxq Server 3.0 | 4.0
  DataWizard Technologies FtpXQ FTP Server 3.0 allows remote authenticated users to cause a denial of service (crash) via a long ABOR command.

5 Low Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2009-10-09 | CVE-2009-3653 | Darren OH, Drupal | Cross-Site Scripting vulnerability in Darren OH XML Sitemap 5.X1.6 | 3.5
  Cross-site scripting (XSS) vulnerability in the additional links interface in XML Sitemap 5.x-1.6, a module for Drupal, allows remote authenticated users, with "administer site configuration" permission, to inject arbitrary web script or HTML via unspecified vectors, related to link path output.

2009-10-09 | CVE-2009-3652 | Moshe Weitzman, Drupal | Cross-Site Scripting vulnerability in Moshe Weitzman Organic Groups | 3.5
  Cross-site scripting (XSS) vulnerability in Organic Groups (OG) 5.x-7.x before 5.x-7.4, 5.x-8.x before 5.x-8.1, and 6.x-1.x before 6.x-1.4, a module for Drupal, allows remote authenticated users, with create or edit group nodes permissions, to inject arbitrary web script or HTML via the User-Agent HTTP header, a different issue than CVE-2008-3095.

2009-10-09 | CVE-2009-3648 | Apsivam, Drupal | Cross-Site Scripting vulnerability in Apsivam Service Links 6.X1.0 | 3.5
  Cross-site scripting (XSS) vulnerability in Service Links 6.x-1.0, a module for Drupal, allows remote authenticated users, with 'administer content types' permissions, to inject arbitrary web script or HTML via unspecified vectors when displaying content type names.

2009-10-05 | CVE-2009-3562 | Xerver | Cross-Site Scripting vulnerability in Xerver 4.32 | 2.6
  Cross-site scripting (XSS) vulnerability in Xerver HTTP Server 4.32 allows remote attackers to inject arbitrary web script or HTML via the currentPath parameter in a chooseDirectory action.

2009-10-07 | CVE-2009-2948 | Samba | Permissions, Privileges, and Access Controls vulnerability in Samba | 1.9
  mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option.