Weekly Vulnerabilities Reports > October 12 to 18, 2009
Overview
42 new vulnerabilities reported during this period, including 13 critical vulnerabilities and 12 high severity vulnerabilities. This weekly summary report vulnerabilities in 112 products from 28 vendors including Microsoft, Apple, Achievo, Maniacomputer, and IBM. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "SQL Injection", "Numeric Errors", and "Permissions, Privileges, and Access Controls".
- 38 reported vulnerabilities are remotely exploitables.
- 8 reported vulnerabilities have public exploit available.
- 17 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 39 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 5 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 4 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
13 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2009-10-16 | CVE-2009-3710 | Riorey | Credentials Management vulnerability in Riorey Rios 4.6.6/4.7.0 RioRey RIOS 4.6.6 and 4.7.0 uses an undocumented, hard-coded username (dbadmin) and password (sq!us3r) for an SSH tunnel, which allows remote attackers to gain privileges via port 8022. | 10.0 |
| 2009-10-15 | CVE-2009-3699 | IBM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM AIX and Vios Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier, allows remote attackers to execute arbitrary code via a long XDR string in the first argument to procedure 21 of rpc.cmsd. | 10.0 |
| 2009-10-16 | CVE-2009-3717 | Lucvil | Buffer Errors vulnerability in Lucvil Patplayer 3.9 Heap-based buffer overflow in LucVil PatPlayer 3.9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URI in a playlist (.m3u) file. | 9.3 |
| 2009-10-16 | CVE-2009-3709 | Konae | Buffer Errors vulnerability in Konae Alleycode Html Editor 2.21 Stack-based buffer overflow in the Meta Content Optimizer in Konae Technologies Alleycode HTML Editor 2.21 allows user-assisted remote attackers to execute arbitrary code via a long value in a TITLE tag. | 9.3 |
| 2009-10-16 | CVE-2009-3708 | Konae | Buffer Errors vulnerability in Konae Alleycode Html Editor 2.21 Stack-based buffer overflow in the Meta Content Optimizer in Konae Technologies Alleycode HTML Editor 2.21 allows user-assisted remote attackers to execute arbitrary code via a long value in a (1) description or (2) keyword META tag. | 9.3 |
| 2009-10-14 | CVE-2009-2527 | Microsoft | Buffer Errors vulnerability in Microsoft Windows Media Player 6.4 Heap-based buffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute arbitrary code via (1) a crafted ASF file or (2) crafted streaming content, aka "WMP Heap Overflow Vulnerability." | 9.3 |
| 2009-10-14 | CVE-2009-2518 | Microsoft | Numeric Errors vulnerability in Microsoft Office XP Integer overflow in GDI+ in Microsoft Office XP SP3 allows remote attackers to execute arbitrary code via an Office document with a bitmap (aka BMP) image that triggers memory corruption, aka "Office BMP Integer Overflow Vulnerability." | 9.3 |
| 2009-10-14 | CVE-2009-2507 | Microsoft | Unspecified vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP A certain ActiveX control in the Indexing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly process URLs, which allows remote attackers to execute arbitrary programs via unspecified vectors that cause a "vulnerable binary" to load and run, aka "Memory Corruption in Indexing Service Vulnerability." | 9.3 |
| 2009-10-14 | CVE-2009-0555 | Microsoft | Code Injection vulnerability in Microsoft products Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly process Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted audio file that uses the Windows Media Speech codec, aka "Windows Media Runtime Voice Sample Rate Vulnerability." | 9.3 |
| 2009-10-13 | CVE-2009-3693 | Persits HP | Path Traversal vulnerability in multiple products Directory traversal vulnerability in the Persits.XUpload.2 ActiveX control (XUpload.ocx) in HP LoadRunner 9.5 allows remote attackers to create arbitrary files via \.. | 9.3 |
| 2009-10-13 | CVE-2009-3691 | IBM | Numeric Errors vulnerability in IBM Informix Client SDK and Informix Connect Runtime Multiple integer overflows in setnet32.exe 3.50.0.13752 in IBM Informix Client SDK 3.0 and 3.50 and Informix Connect Runtime 3.x allow remote attackers to execute arbitrary code via a .nfx file with a crafted (1) HostSize, and possibly (2) ProtoSize and (3) ServerSize, field that triggers a stack-based buffer overflow involving a crafted HostList field. | 9.3 |
| 2009-10-13 | CVE-2009-3587 | Broadcom CA | Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted RAR archive file that triggers heap corruption, a different vulnerability than CVE-2009-3588. | 9.3 |
| 2009-10-13 | CVE-2009-3459 | Adobe | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat, Acrobat Reader and Reader Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. | 9.3 |
12 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2009-10-16 | CVE-2009-3282 | Vmware Apple | Numeric Errors vulnerability in VMWare Fusion Integer overflow in the vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 allows host OS users to cause a denial of service to the host OS via unspecified vectors. | 7.8 |
| 2009-10-16 | CVE-2009-2874 | Cisco | Denial of Service vulnerability in Cisco Unified Presence TimesTenD Process The TimesTenD process in Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4) allows remote attackers to cause a denial of service (process crash) via a large number of TCP connections to ports 16200 and 22794, aka Bug ID CSCsy17662. | 7.8 |
| 2009-10-16 | CVE-2009-3718 | Davethewebguy | SQL Injection vulnerability in Davethewebguy Battle Blog 1.25/1.30 SQL injection vulnerability in admin/authenticate.asp in Battle Blog 1.25 and 1.30 build 2 allows remote attackers to execute arbitrary SQL commands via the UserName parameter. | 7.5 |
| 2009-10-16 | CVE-2009-3713 | Morcego | SQL Injection vulnerability in Morcego Morcegocms 0.9.6/1.1.0/1.5.0 SQL injection vulnerability in fichero.php in MorcegoCMS 1.7.6 and earlier allows remote attackers to execute arbitrary SQL commands via the query string. | 7.5 |
| 2009-10-16 | CVE-2009-3712 | Ebayclonescript | SQL Injection vulnerability in Ebayclonescript Ebay Clone 2009 Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote attackers to execute arbitrary SQL commands via the (1) user_id parameter to feedback.php; and the item_id parameter to (2) view_full_size.php, (3) classifide_ad.php, and (4) crosspromoteitems.php. | 7.5 |
| 2009-10-16 | CVE-2009-3705 | Achievo | Code Injection vulnerability in Achievo PHP remote file inclusion vulnerability in debugger.php in Achievo before 1.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter. | 7.5 |
| 2009-10-16 | CVE-2009-3697 | Phpmyadmin | SQL Injection vulnerability in PHPmyadmin SQL injection vulnerability in the PDF schema generator functionality in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified interface parameters. | 7.5 |
| 2009-10-16 | CVE-2009-2734 | Achievo | SQL Injection vulnerability in Achievo SQL injection vulnerability in the get_employee function in classweekreport.inc in Achievo before 1.4.0 allows remote attackers to execute arbitrary SQL commands via the userid parameter (aka user_id variable) to dispatch.php. | 7.5 |
| 2009-10-13 | CVE-2009-3602 | Nlnetlabs | Cryptographic Issues vulnerability in Nlnetlabs Unbound Unbound before 1.3.4 does not properly verify signatures for NSEC3 records, which allows remote attackers to cause secure delegations to be downgraded via DNS spoofing or other DNS-related attacks in conjunction with crafted delegation responses. | 7.5 |
| 2009-10-13 | CVE-2009-2699 | Apache | Improper Locking vulnerability in Apache Http Server and Portable Runtime The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs. | 7.5 |
| 2009-10-16 | CVE-2009-3281 | Vmware Apple | Permissions, Privileges, and Access Controls vulnerability in VMWare Fusion The vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 does not use correct file permissions, which allows host OS users to gain privileges on the host OS via unspecified vectors. | 7.2 |
| 2009-10-13 | CVE-2009-3692 | SUN Apple Linux | Local Privilege Escalation vulnerability in Sun VirtualBox VBoxNetAdpCtl Configuration Tool Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows local users to gain privileges via unknown vectors. | 7.2 |
15 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2009-10-16 | CVE-2009-3715 | Maniacomputer | SQL Injection vulnerability in Maniacomputer Mcshoutbox 1.1 Multiple SQL injection vulnerabilities in scr_login.php in MCshoutbox 1.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | 6.8 |
| 2009-10-13 | CVE-2009-3694 | Jdtmmsm | Path Traversal vulnerability in Jdtmmsm Ezrecipe-Zee 91 Directory traversal vulnerability in config/config.php in ezRecipe-Zee 91, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. | 6.8 |
| 2009-10-16 | CVE-2009-3716 | Maniacomputer | Permissions, Privileges, and Access Controls vulnerability in Maniacomputer Mcshoutbox 1.1 Unrestricted file upload vulnerability in admin.php in MCshoutbox 1.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in smilies/. | 6.5 |
| 2009-10-16 | CVE-2009-3704 | Zoiper | Denial-Of-Service vulnerability in Zoiper 2.0/2.10/2.11 ZoIPer 2.22, and possibly other versions before 2.24 Library 5324, allows remote attackers to cause a denial of service (crash) via a SIP INVITE request with an empty Call-Info header. | 5.0 |
| 2009-10-13 | CVE-2009-3695 | Djangoproject | Remote Denial of Service vulnerability in Django 'EmailField' and 'URLField' Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) EmailField (email address) or (2) URLField (URL) that triggers a large amount of backtracking in a regular expression. | 5.0 |
| 2009-10-14 | CVE-2009-2517 | Microsoft | Resource Management Errors vulnerability in Microsoft Windows Server 2003 The kernel in Microsoft Windows Server 2003 SP2 does not properly handle unspecified exceptions when an error condition occurs, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability." | 4.9 |
| 2009-10-16 | CVE-2009-3706 | SUN | Unspecified vulnerability in SUN Opensolaris and Solaris Unspecified vulnerability in the ZFS filesystem in Sun Solaris 10, and OpenSolaris snv_100 through snv_117, allows local users to bypass intended limitations of the file_chown_self privilege via certain uses of the chown system call. | 4.4 |
| 2009-10-16 | CVE-2009-3719 | Davethewebguy | Cross-Site Scripting vulnerability in Davethewebguy Battle Blog 1.25/1.30 Cross-site scripting (XSS) vulnerability in comment.asp in Battle Blog 1.25 and 1.30 build 2 allows remote attackers to inject arbitrary web script or HTML via a comment. | 4.3 |
| 2009-10-16 | CVE-2009-3714 | Maniacomputer | Cross-Site Scripting vulnerability in Maniacomputer Mcshoutbox 1.1 Cross-site scripting (XSS) vulnerability in admin_login.php in MCshoutbox 1.1 allows remote attackers to inject arbitrary web script or HTML via the loginerror parameter. | 4.3 |
| 2009-10-16 | CVE-2009-3696 | Phpmyadmin | Cross-Site Scripting vulnerability in PHPmyadmin Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name for a MySQL table. | 4.3 |
| 2009-10-16 | CVE-2009-2733 | Achievo | Cross-Site Scripting vulnerability in Achievo Multiple cross-site scripting (XSS) vulnerabilities in Achievo before 1.4.0 allow remote attackers to inject arbitrary web script or HTML via (1) the scheduler title in the scheduler module, and the (2) atksearch[contractnumber], (3) atksearch_AE_customer[customer], (4) atksearchmode[contracttype], and possibly (5) atksearch[contractname] parameters to the Organization Contracts administration page, reachable through dispatch.php. | 4.3 |
| 2009-10-15 | CVE-2009-3030 | Symantec | Cross-Site Scripting vulnerability in Symantec Securityexpressions Audit and Compliance Server 4.1 Cross-site scripting (XSS) vulnerability in Symantec SecurityExpressions Audit and Compliance Server 4.1.1, 4.1, and earlier allows remote attackers to inject arbitrary web script or HTML via vectors that trigger an error message in a response, related to an "HTML Injection issue." | 4.3 |
| 2009-10-13 | CVE-2009-3588 | Broadcom CA | Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service via a crafted RAR archive file that triggers stack corruption, a different vulnerability than CVE-2009-3587. | 4.3 |
| 2009-10-13 | CVE-2009-2897 | Springsource | Cross-Site Scripting vulnerability in Springsource Application Management Suite, Hyperic HQ and TC Server Multiple cross-site scripting (XSS) vulnerabilities in hq/web/common/GenericError.jsp in the generic exception handler in the web interface in SpringSource Hyperic HQ 3.2.x before 3.2.6.1, 4.0.x before 4.0.3.1, 4.1.x before 4.1.2.1, and 4.2-beta1; Application Management Suite (AMS) 2.0.0.SR3; and tc Server 6.0.20.B allow remote attackers to inject arbitrary web script or HTML via invalid values for numerical parameters, as demonstrated by an uncaught java.lang.NumberFormatException exception resulting from (1) the typeId parameter to mastheadAttach.do, (2) the eid parameter to Resource.do, and (3) the u parameter in a view action to admin/user/UserAdmin.do. | 4.3 |
| 2009-10-13 | CVE-2009-2684 | HP | Cross-Site Scripting vulnerability in HP products Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and the Embedded Web Server (EWS) on certain HP LaserJet and Color LaserJet printers, and HP Digital Senders, allow remote attackers to inject arbitrary web script or HTML via the (1) Product_URL or (2) Tech_URL parameter in an Apply action to the support_param.html/config script. | 4.3 |
2 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2009-10-15 | CVE-2009-3029 | Symantec | Cross-Site Scripting vulnerability in Symantec Securityexpressions Audit and Compliance Server 4.1 Cross-site scripting (XSS) vulnerability in the console in Symantec SecurityExpressions Audit and Compliance Server 4.1.1, 4.1, and earlier allows remote authenticated users to inject arbitrary web script or HTML via "external client input" that triggers crafted error messages. | 3.5 |
| 2009-10-13 | CVE-2009-2898 | Springsource | Cross-Site Scripting vulnerability in Springsource Application Management Suite, Hyperic HQ and TC Server Cross-site scripting (XSS) vulnerability in the Alerts list feature in the web interface in SpringSource Hyperic HQ 3.2.x before 3.2.6.1, 4.0.x before 4.0.3.1, 4.1.x before 4.1.2.1, and 4.2-beta1; Application Management Suite (AMS) 2.0.0.SR3; and tc Server 6.0.20.B allows remote authenticated users to inject arbitrary web script or HTML via the Description field. | 3.5 |