Weekly Vulnerabilities Reports > October 5 to 11, 2009
Overview
57 new vulnerabilities reported during this period, including 7 critical vulnerabilities and 14 high severity vulnerabilities. This weekly summary report vulnerabilities in 55 products from 53 vendors including Drupal, Joomla, Nullam, Freewebscriptz, and Xerver. Vulnerabilities are notably categorized as "Cross-site Scripting", "SQL Injection", "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Information Exposure".
- 52 reported vulnerabilities are remotely exploitables.
- 19 reported vulnerabilities have public exploit available.
- 30 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 53 reported vulnerabilities are exploitable by an anonymous user.
- Drupal has the most reported vulnerabilities, with 9 reported vulnerabilities.
- Openoffice has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
7 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2009-10-11 | CVE-2009-3663 | Jasper | USE of Externally-Controlled Format String vulnerability in Jasper Httpdx 1.4 Format string vulnerability in the h_readrequest function in http.c in httpdx Web Server 1.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in the Host header. | 10.0 |
| 2009-10-07 | CVE-2009-3575 | Tatsuhiro Tsujikawa | Buffer Overflow vulnerability in aria2 'DHTRoutingTableDeserializer::deserialize()' Buffer overflow in DHTRoutingTableDeserializer.cc in aria2 0.15.3, 1.2.0, and other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. | 10.0 |
| 2009-10-06 | CVE-2009-3570 | Openoffice | Remote Security vulnerability in OpenOffice Unspecified vulnerability in OpenOffice.org (OOo) has unspecified impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.9. | 10.0 |
| 2009-10-11 | CVE-2009-3670 | Ksplayer | Buffer Errors vulnerability in Ksplayer KSP Sound Player 2009 Stack-based buffer overflow in KSP Sound Player 2009 R2 and R2.1 allows remote attackers to execute arbitrary code via a long string in a .m3u playlist file. | 9.3 |
| 2009-10-06 | CVE-2009-3574 | Tony Million | Buffer Errors vulnerability in Tony Million Tuniac 090517C Tuniac 090517c allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long File1 argument in a .pls playlist file, possibly a buffer overflow. | 9.3 |
| 2009-10-06 | CVE-2009-3571 | Openoffice | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Openoffice Openoffice.Org Unspecified vulnerability in OpenOffice.org (OOo) has unknown impact and client-side attack vector, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, aka "Client-side exploit." NOTE: as of 20091005, this disclosure has no actionable information. | 9.3 |
| 2009-10-06 | CVE-2009-3569 | Apache | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apache Openoffice.Org Stack-based buffer overflow in OpenOffice.org (OOo) allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, aka "Client-side stack overflow exploit." NOTE: as of 20091005, this disclosure has no actionable information. | 9.3 |
14 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2009-10-09 | CVE-2009-3658 | AOL | Use After Free vulnerability in AOL Superbuddy Activex Control 9.5.0.1 Use-after-free vulnerability in the Sb.SuperBuddy.1 ActiveX control (sb.dll) in America Online (AOL) 9.5.0.1 allows remote attackers to trigger memory corruption or possibly execute arbitrary code via a malformed argument to the SetSuperBuddy method. | 8.8 |
| 2009-10-05 | CVE-2009-2679 | HP | Remote Denial Of Service vulnerability in HP Hp-Ux B.11.11/B.11.23/B.11.31 Unspecified vulnerability in bootpd in HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause a denial of service via unknown attack vectors. | 7.8 |
| 2009-10-11 | CVE-2009-3669 | Foobla Joomla | SQL Injection vulnerability in Foobla COM Foobla Suggestions 1.5.11 SQL injection vulnerability in the foobla Suggestions (com_foobla_suggestions) component 1.5.11 for Joomla! allows remote attackers to execute arbitrary SQL commands via the idea_id parameter to index.php. | 7.5 |
| 2009-10-11 | CVE-2009-3667 | Adsdx | SQL Injection vulnerability in Adsdx 3.05 SQL injection vulnerability in admin/index.php in AdsDX 3.05 allows remote attackers to execute arbitrary SQL commands via the Username. | 7.5 |
| 2009-10-11 | CVE-2009-3665 | Nullam | SQL Injection vulnerability in Nullam Blog 0.1.2 Multiple SQL injection vulnerabilities in index.php in Nullam Blog 0.1.2 allow remote attackers to execute arbitrary SQL commands via the (1) i parameter or (2) v parameters in a register action. | 7.5 |
| 2009-10-11 | CVE-2009-3664 | Nullam | Path Traversal vulnerability in Nullam Blog 0.1.2 Multiple directory traversal vulnerabilities in index.php in Nullam Blog 0.1.2 allow remote attackers to include or execute arbitrary files via a .. | 7.5 |
| 2009-10-11 | CVE-2009-3659 | Stanback | SQL Injection vulnerability in Stanback BS Counter 2.5.3 SQL injection vulnerability in file/stats.php in BS Counter 2.5.3 allows remote attackers to execute arbitrary SQL commands via the page parameter. | 7.5 |
| 2009-10-09 | CVE-2009-3645 | Joomla Joomlacache | SQL Injection vulnerability in Joomlacache COM Cbresumebuilder SQL injection vulnerability in the JoomlaCache CB Resume Builder (com_cbresumebuilder) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the group_id parameter in a group_members action to index.php. | 7.5 |
| 2009-10-09 | CVE-2009-3644 | Joomla Soundset | SQL Injection vulnerability in Soundset COM Soundset 1.0 SQL injection vulnerability in the Soundset (com_soundset) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to index.php. | 7.5 |
| 2009-10-09 | CVE-2009-3642 | Frontrange | SQL Injection vulnerability in Frontrange Heat 8.01 Multiple SQL injection vulnerabilities in the Call Logging feature in FrontRange HEAT 8.01 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | 7.5 |
| 2009-10-08 | CVE-2009-3596 | Joxtechnology | Permissions, Privileges, and Access Controls vulnerability in Joxtechnology Ajox Poll JoxTechnology Ajox Poll does not properly restrict access to admin/managepoll.php, which allows remote attackers to bypass authentication and gain administrative access via a direct request. | 7.5 |
| 2009-10-08 | CVE-2009-3595 | Vspanel | SQL Injection vulnerability in Vspanel VS Panel 7.5.5 SQL injection vulnerability in results.php in VS PANEL 7.5.5 allows remote attackers to execute arbitrary SQL commands via the Cat_ID parameter, a different vector than CVE-2009-3590. | 7.5 |
| 2009-10-08 | CVE-2009-3590 | Vspanel | SQL Injection vulnerability in Vspanel VS Panel 7.3.6 SQL injection vulnerability in showcat.php in VS PANEL 7.3.6 allows remote attackers to execute arbitrary SQL commands via the Cat_ID parameter. | 7.5 |
| 2009-10-05 | CVE-2009-3525 | XEN | Permissions, Privileges, and Access Controls vulnerability in XEN 3.0.3/3.3.0/3.3.1 The pyGrub boot loader in Xen 3.0.3, 3.3.0, and Xen-3.3.1 does not support the password option in grub.conf for para-virtualized guests, which allows attackers with access to the para-virtualized guest console to boot the guest or modify the guest's kernel boot parameters without providing the expected password. | 7.2 |
32 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2009-10-06 | CVE-2009-3527 | Freebsd | Race Condition vulnerability in Freebsd 6.3/6.4 Race condition in the Pipe (IPC) close function in FreeBSD 6.3 and 6.4 allows local users to cause a denial of service (crash) or gain privileges via vectors related to kqueues, which triggers a use after free, leading to a NULL pointer dereference or memory corruption. | 6.9 |
| 2009-10-11 | CVE-2009-3661 | Blueconstantmedia Joomla | SQL Injection vulnerability in Blueconstantmedia COM Djcatalog Multiple SQL injection vulnerabilities in the DJ-Catalog (com_djcatalog) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a showItem action and (2) cid parameter in a show action to index.php. | 6.8 |
| 2009-10-11 | CVE-2009-3660 | Efrontlearning | Code Injection vulnerability in Efrontlearning Efront PHP remote file inclusion vulnerability in libraries/database.php in Efront 3.5.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | 6.8 |
| 2009-10-09 | CVE-2009-3656 | Drupal TIM Nelson | Cross-Site Request Forgery (CSRF) vulnerability in TIM Nelson Shared Sign-On 5.X/6.X Cross-site request forgery (CSRF) vulnerability in Shared Sign-On 5.x and 6.x, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users via unknown vectors. | 6.8 |
| 2009-10-09 | CVE-2009-3654 | 316Solutions Drupal | Unspecified vulnerability in 316Solutions Boost Unspecified vulnerability in Boost before 6.x-1.03, a module for Drupal, allows remote attackers to create new webroot directories via unknown attack vectors. | 6.4 |
| 2009-10-09 | CVE-2009-3657 | TIM Nelson Drupal | Improper Authentication vulnerability in TIM Nelson Shared Sign-On 5.X/6.X Session fixation vulnerability in Shared Sign-On 5.x and 6.x, a module for Drupal, allows remote attackers to hijack web sessions via unspecified vectors. | 5.8 |
| 2009-10-11 | CVE-2009-3662 | Filecopa Ftpserver | Denial Of Service vulnerability in Filecopa-Ftpserver FTP Server 5.01 FileCopa FTP Server 5.01 allows remote attackers to cause a denial of service (server hang) via a large number of crafted NOOP commands. | 5.0 |
| 2009-10-09 | CVE-2009-3655 | Solarwinds | Denial-Of-Service vulnerability in Serv-U Rhino Software Serv-U 7.0.0.1 through 8.2.0.3 allows remote attackers to cause a denial of service (server crash) via unspecified vectors related to the "SITE SET TRANSFERPROGRESS ON" FTP command. | 5.0 |
| 2009-10-09 | CVE-2009-3646 | Intervations | Information Exposure vulnerability in Intervations Navicopa web Server 3.01 InterVations NaviCOPA Web Server 3.01 allows remote attackers to obtain the source code for a web page via an HTTP request with the addition of ::$DATA after the HTML file name. | 5.0 |
| 2009-10-09 | CVE-2009-3643 | Dxmsoft | Denial-Of-Service vulnerability in Dxmsoft XM Easy Personal FTP Server 5.8.0 Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote attackers to cause a denial of service via a long argument to the (1) LIST and (2) NLST commands, a differnt issue than CVE-2008-5626 and CVE-2006-5728. | 5.0 |
| 2009-10-08 | CVE-2009-3600 | Freewebscriptz | Information Exposure vulnerability in Freewebscriptz Hubscript 1.0 HUBScript 1.0 allows remote attackers to obtain configuration information via a direct request to manage/phpinfo.php, which calls the phpinfo function. | 5.0 |
| 2009-10-08 | CVE-2009-3591 | BEN Webb | Improper Input Validation vulnerability in BEN Webb Dopewars 1.5.12 Dopewars 1.5.12 allows remote attackers to cause a denial of service (segmentation fault) via a REQUESTJET message with an invalid location. | 5.0 |
| 2009-10-06 | CVE-2009-3568 | Drupal Dave Reid Gabor Hojtsy | Permissions, Privileges, and Access Controls vulnerability in multiple products Comment RSS 5.x before 5.x-2.2 and 6.x before 6.x-2.2, a module for Drupal, does not properly enforce permissions when a link is added to the RSS feed, which allows remote attackers to obtain the node title and possibly other sensitive content by reading the feed. | 5.0 |
| 2009-10-05 | CVE-2009-3561 | Xerver | Path Traversal vulnerability in Xerver 4.32 Directory traversal vulnerability in Xerver HTTP Server 4.32 allows remote attackers to read arbitrary files via a full pathname with a drive letter in the currentPath parameter in a chooseDirectory action. | 5.0 |
| 2009-10-05 | CVE-2009-3544 | Xerver | Information Exposure vulnerability in Xerver 4.32 Xerver HTTP Server 4.32 allows remote attackers to obtain the source code for a web page via an HTTP request with the addition of ::$DATA after the HTML file name. | 5.0 |
| 2009-10-06 | CVE-2009-3572 | Openbsd | Local Denial of Service vulnerability in Openbsd 4.4/4.5/4.6 OpenBSD 4.4, 4.5, and 4.6, when running on an i386 kernel, does not properly handle XMM exceptions, which allows local users to cause a denial of service (kernel panic) via unspecified vectors. | 4.9 |
| 2009-10-06 | CVE-2009-3564 | Reductivelabs Centos Fedoraproject | Permissions, Privileges, and Access Controls vulnerability in Reductivelabs Puppet 0.24.6 puppetmasterd in puppet 0.24.6 does not reset supplementary groups when it switches to a different user, which might allow local users to access restricted files. | 4.7 |
| 2009-10-08 | CVE-2009-3589 | Inotify | Permissions, Privileges, and Access Controls vulnerability in Inotify Incron 0.5.5 incron 0.5.5 does not initialize supplementary groups when running a process from a user's incrontabs, which causes the process to be run with the incrond supplementary groups and allows local users to gain privileges via an incrontab table. | 4.6 |
| 2009-10-11 | CVE-2009-3668 | Promosi WEB | Cross-Site Scripting vulnerability in Promosi-Web Ardguest 1.8 Cross-site scripting (XSS) vulnerability in ardguest.php in Ardguest 1.8 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | 4.3 |
| 2009-10-11 | CVE-2009-3666 | Nullam | Cross-Site Scripting vulnerability in Nullam Blog 0.1.2 Cross-site scripting (XSS) vulnerability in index.php in Nullam Blog 0.1.2 allows remote attackers to inject arbitrary web script or HTML via the e parameter in an error action. | 4.3 |
| 2009-10-09 | CVE-2009-3651 | Mikeryan Drupal | Cross-Site Scripting vulnerability in Mikeryan Browscap Cross-site scripting (XSS) vulnerability in the "Monitor browsers' feature in Browscap before 5.x-1.1 and 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header. | 4.3 |
| 2009-10-09 | CVE-2009-3650 | David Strauss Drupal | Cross-Site Scripting vulnerability in David Strauss DEX 6.X1.0 Cross-site scripting (XSS) vulnerability in Dex 5.x-1.0 and earlier and 6.x-1.0-rc1 and earlier, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2009-10-09 | CVE-2009-3647 | Yabsoft | Cross-Site Scripting vulnerability in Yabsoft Mega File Hosting Script 1.2 Cross-site scripting (XSS) vulnerability in emaullinks.php in YABSoft Mega File Hosting Script (aka MFH or MFHS) 1.2 allows remote attackers to inject arbitrary web script or HTML via the moudi parameter. | 4.3 |
| 2009-10-08 | CVE-2009-3601 | Scriptsez | Cross-Site Scripting vulnerability in Scriptsez Ultimate Poll Cross-site scripting (XSS) vulnerability in demo_page.php in Scriptsez Ultimate Poll allows remote attackers to inject arbitrary web script or HTML via the clr parameter in a vote action. | 4.3 |
| 2009-10-08 | CVE-2009-3599 | Freewebscriptz | Cross-Site Scripting vulnerability in Freewebscriptz Hubscript 1.0 Cross-site scripting (XSS) vulnerability in single_winner1.php in HUBScript 1.0 allows remote attackers to inject arbitrary web script or HTML via the bid_id parameter. | 4.3 |
| 2009-10-08 | CVE-2009-3598 | Ecardmax COM | Cross-Site Scripting vulnerability in Ecardmax.Com Formxp 2007 Cross-site scripting (XSS) vulnerability in survey_result.php in eCardMAX FormXP 2007 allows remote attackers to inject arbitrary web script or HTML via the sid parameter. | 4.3 |
| 2009-10-08 | CVE-2009-3594 | Blob | Cross-Site Scripting vulnerability in Blob Blog System 1.0/1.1/1.1.1 Cross-site scripting (XSS) vulnerability in bpost.php in BLOB Blog System before 1.2 allows remote attackers to inject arbitrary web script or HTML via the postid parameter. | 4.3 |
| 2009-10-08 | CVE-2009-3593 | Freewebscriptz | Cross-Site Scripting vulnerability in Freewebscriptz Freelancers 1.0 Multiple cross-site scripting (XSS) vulnerabilities in Freelancers 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to placebid.php and (2) jobid parameter to post_resume.php. | 4.3 |
| 2009-10-08 | CVE-2009-3592 | Qtmsoft | Cross-Site Scripting vulnerability in Qtmsoft X-Cart Cross-site scripting (XSS) vulnerability in customer/home.php in Qualiteam X-Cart allows remote attackers to inject arbitrary web script or HTML via the email parameter in a subscribed action, a different vector than CVE-2005-1823. | 4.3 |
| 2009-10-07 | CVE-2009-3579 | Mortbay | Cross-Site Scripting vulnerability in Mortbay Jetty 6.1.19/6.1.20 Cross-site scripting (XSS) vulnerability in the CookieDump.java sample application in Mort Bay Jetty 6.1.19 and 6.1.20 allows remote attackers to inject arbitrary web script or HTML via the Value parameter in a GET request to cookie/. | 4.3 |
| 2009-10-06 | CVE-2009-3567 | Kayako | Cross-Site Scripting vulnerability in Kayako Esupport and Supportsuite Cross-site scripting (XSS) vulnerability in modules/tickets/functions_ticketsui.php in Kayako SupportSuite and eSupport 3.60.04 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the staff control panel, a different vector than CVE-2007-1145. | 4.3 |
| 2009-10-05 | CVE-2009-3545 | Datawizard | Improper Input Validation vulnerability in Datawizard Ftpxq Server 3.0 DataWizard Technologies FtpXQ FTP Server 3.0 allows remote authenticated users to cause a denial of service (crash) via a long ABOR command. | 4.0 |
4 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2009-10-09 | CVE-2009-3653 | Darren OH Drupal | Cross-Site Scripting vulnerability in Darren OH XML Sitemap 5.X1.6 Cross-site scripting (XSS) vulnerability in the additional links interface in XML Sitemap 5.x-1.6, a module for Drupal, allows remote authenticated users, with "administer site configuration" permission, to inject arbitrary web script or HTML via unspecified vectors, related to link path output. | 3.5 |
| 2009-10-09 | CVE-2009-3652 | Moshe Weitzman Drupal | Cross-Site Scripting vulnerability in Moshe Weitzman Organic Groups Cross-site scripting (XSS) vulnerability in Organic Groups (OG) 5.x-7.x before 5.x-7.4, 5.x-8.x before 5.x-8.1, and 6.x-1.x before 6.x-1.4, a module for Drupal, allows remote authenticated users, with create or edit group nodes permissions, to inject arbitrary web script or HTML via the User-Agent HTTP header, a different issue than CVE-2008-3095. | 3.5 |
| 2009-10-09 | CVE-2009-3648 | Apsivam Drupal | Cross-Site Scripting vulnerability in Apsivam Service Links 6.X1.0 Cross-site scripting (XSS) vulnerability in Service Links 6.x-1.0, a module for Drupal, allows remote authenticated users, with 'administer content types' permissions, to inject arbitrary web script or HTML via unspecified vectors when displaying content type names. | 3.5 |
| 2009-10-05 | CVE-2009-3562 | Xerver | Cross-Site Scripting vulnerability in Xerver 4.32 Cross-site scripting (XSS) vulnerability in Xerver HTTP Server 4.32 allows remote attackers to inject arbitrary web script or HTML via the currentPath parameter in a chooseDirectory action. | 2.6 |