Weekly Vulnerabilities Reports > October 26 to November 1, 2009

Overview

72 new vulnerabilities were reported during this period, including 21 critical vulnerabilities and 15 high severity vulnerabilities. This weekly summary reports vulnerabilities in 53 products from 48 vendors including Mozilla, Drupal, Linux, Wireshark, and Typo3. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "SQL Injection", "Improper Input Validation", and "Permissions, Privileges, and Access Controls".

  • 69 reported vulnerabilities are remotely exploitable.
  • 9 reported vulnerabilities have a public exploit available.
  • 23 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 68 reported vulnerabilities are exploitable by an anonymous user.
  • Mozilla has the most reported vulnerabilities, with 14 reported vulnerabilities.
  • Mozilla has the most reported critical vulnerabilities, with 11 reported vulnerabilities.

Vulnerability Details

The following table lists the vulnerabilities reported for the period covered by this report:

21 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-10-29 CVE-2009-3383 Mozilla Remote Memory Corruption vulnerability in Mozilla Firefox 3.5.1/3.5.2/3.5.3

Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10.0
2009-10-29 CVE-2009-3382 Mozilla Remote Memory Corruption vulnerability in Mozilla Firefox

layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 does not properly handle first-letter frames, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.

10.0
2009-10-29 CVE-2009-3381 Mozilla Remote Memory Corruption vulnerability in Mozilla Firefox 3.5.1/3.5.2/3.5.3

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10.0
2009-10-29 CVE-2009-3380 Mozilla Remote Memory Corruption vulnerability in Mozilla Firefox

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10.0
2009-10-29 CVE-2009-3379 Mozilla Remote Memory Corruption vulnerability in Mozilla Firefox 3.5.1/3.5.2/3.5.3

Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.

10.0
2009-10-29 CVE-2009-3377 Mozilla Remote Memory Corruption vulnerability in Mozilla Firefox

Multiple unspecified vulnerabilities in liboggz before cf5feeaab69b05e24, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.

10.0
2009-10-29 CVE-2009-3373 Mozilla Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mozilla Firefox and Seamonkey

Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors.

10.0
2009-10-29 CVE-2009-3371 Mozilla Resource Management Errors vulnerability in Mozilla Firefox

Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by creating JavaScript web-workers recursively.

10.0
2009-10-28 CVE-2009-3819 Typo3
URS Maag
Remote Security vulnerability in Maag Randomimage

Unspecified vulnerability in the Random Images (maag_randomimage) extension 1.6.4 and earlier for TYPO3 allows remote attackers to execute arbitrary shell commands via unspecified vectors.

10.0
2009-10-28 CVE-2009-3818 Typo3
Stanislas Rolland
Remote Security vulnerability in Sr Freecap

Unspecified vulnerability in the session handling feature in freeCap CAPTCHA (sr_freecap) extension 1.2.0 and earlier for TYPO3 has unknown impact and attack vectors.

10.0
2009-10-30 CVE-2009-3831 Opera
Opera Software
Microsoft
Code Injection vulnerability in multiple products

Opera before 10.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted domain name.

9.3
2009-10-30 CVE-2009-3829 Wireshark Numeric Errors vulnerability in Wireshark

Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted erf file, related to an "unsigned integer wrap vulnerability."

9.3
2009-10-29 CVE-2009-3378 Mozilla Remote Memory Corruption vulnerability in Mozilla Firefox 3.5.1/3.5.2/3.5.3

The oggplay_data_handle_theora_frame function in media/liboggplay/src/liboggplay/oggplay_data.c in liboggplay, as used in Mozilla Firefox 3.5.x before 3.5.4, attempts to reuse an earlier frame data structure upon encountering a decoding error for the first frame, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a crafted .ogg video file.

9.3
2009-10-29 CVE-2009-3376 Mozilla Configuration vulnerability in Mozilla Firefox and Seamonkey

Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file.

9.3
2009-10-29 CVE-2009-3372 Mozilla Unspecified vulnerability in Mozilla Firefox and Seamonkey

Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file.

9.3
2009-10-27 CVE-2009-3812 Otslabs Buffer Errors vulnerability in Otslabs Otsav DJ, Otsav Radio and Otsav TV

Heap-based buffer overflow in OtsAV DJ trial version 1.85.64.0, Radio trial version 1.85.64.0, TV trial version 1.85.64.0, and Free version 1.77.001 allows remote attackers to execute arbitrary code via a long playlist in an Ots File List (.ofl) file.

9.3
2009-10-27 CVE-2009-3811 Assistanttools Buffer Errors vulnerability in Assistanttools Music TAG Editor 1.61

Stack-based buffer overflow in Music Tag Editor 1.61 build 212 allows remote attackers to execute arbitrary code via an MP3 file with a long ID3 tag.

9.3
2009-10-27 CVE-2009-3810 Acoustica Buffer Errors vulnerability in Acoustica MP3 Audio Mixer 2.471

Heap-based buffer overflow in Acoustica MP3 Audio Mixer 2.471 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long string in a .M3U playlist file.

9.3
2009-10-27 CVE-2009-3808 Kramware Unspecified vulnerability in Kramware Mixsense DJ Studio 1.0.0.1

MixSense DJ Studio 1.0.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in an .mp3 playlist file.

9.3
2009-10-27 CVE-2009-3807 Mixvibes Buffer Errors vulnerability in Mixvibes 7.043

Stack-based buffer overflow in MixVibes 7.043 Pro allows remote attackers to cause a denial of service (crash) via a long string in a .vib file.

9.3
2009-10-26 CVE-2009-3790 Cutepdf Buffer Errors vulnerability in Cutepdf Formmax 3.5

Heap-based buffer overflow in FormMax (formerly AcroForm) evaluation 3.5 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted FormMax import (.aim) file.

9.3

15 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-10-30 CVE-2009-3623 Linux Improper Authentication vulnerability in Linux Kernel

The lookup_cb_cred function in fs/nfsd/nfs4callback.c in the nfsd4 subsystem in the Linux kernel before 2.6.31.2 attempts to access a credentials cache even when a client specifies the AUTH_NULL authentication flavor, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an NFSv4 mount request.

7.8
2009-10-29 CVE-2009-3374 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox

The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via unspecified method calls, related to "doubly-wrapped objects."

7.5
2009-10-28 CVE-2009-3825 Thomas Graber Path Traversal vulnerability in Thomas Graber Gencms 2006

Multiple directory traversal vulnerabilities in GenCMS 2006 allow remote attackers to include and execute arbitrary local files via a ..

7.5
2009-10-28 CVE-2009-3824 Michael J Greenwood Path Traversal vulnerability in Michael J Greenwood PHP Content Manager 0.3.2

Directory traversal vulnerability in include/processor.php in Greenwood PHP Content Manager 0.3.2 allows remote attackers to include and execute arbitrary local files via a ..

7.5
2009-10-28 CVE-2009-3822 Joomla
Fijiwebdesign
Code Injection vulnerability in Fijiwebdesign COM Ajaxchat 1.0

PHP remote file inclusion vulnerability in Fiji Web Design Ajax Chat (com_ajaxchat) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter to tests/ajcuser.php.

7.5
2009-10-28 CVE-2009-3820 Typo3
Flagbit
SQL Injection vulnerability in Flagbit FB Filebase 0.1.0

SQL injection vulnerability in the Flagbit Filebase (fb_filebase) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2009-10-28 CVE-2009-3817 Joomla
Ordasoft
Code Injection vulnerability in Ordasoft COM Booklibrary 1.0

PHP remote file inclusion vulnerability in doc/releasenote.php in the BookLibrary (com_booklibrary) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter, a different vector than CVE-2009-2637.

7.5
2009-10-27 CVE-2009-3806 Dedecms SQL Injection vulnerability in Dedecms 5.1

SQL injection vulnerability in feedback_js.php in DedeCMS 5.1 allows remote attackers to execute arbitrary SQL commands via the arcurl parameter.

7.5
2009-10-27 CVE-2009-3801 Opendocman SQL Injection vulnerability in Opendocman 1.2.5

SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmpass (aka Password) parameter.

7.5
2009-10-26 CVE-2009-3788 Opendocman SQL Injection vulnerability in Opendocman 1.2.5

SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmuser (aka Username) parameter.

7.5
2009-10-26 CVE-2009-3781 Drupal
Quicksketch
Permissions, Privileges, and Access Controls vulnerability in Quicksketch Filefield 6.X3.1

The filefield_file_download function in FileField 6.x-3.1, a module for Drupal, does not properly check node-access permissions for Drupal core private files, which allows remote attackers to access unauthorized files via unspecified vectors.

7.5
2009-10-26 CVE-2009-3778 Adam Gerson
Drupal
SQL Injection vulnerability in Adam Gerson Moodle Courselist 6.X1.2

SQL injection vulnerability in Moodle Course List 6.x before 6.x-1.2, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2009-10-26 CVE-2009-3625 Sahana Path Traversal vulnerability in Sahana 0.6.2.2

Directory traversal vulnerability in www/index.php in Sahana 0.6.2.2 allows remote attackers to include and execute arbitrary local files via a ..

7.5
2009-10-29 CVE-2009-3638 Linux Numeric Errors vulnerability in Linux Kernel

Integer overflow in the kvm_dev_ioctl_get_supported_cpuid function in arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel before 2.6.31.4 allows local users to have an unspecified impact via a KVM_GET_SUPPORTED_CPUID request to the kvm_arch_dev_ioctl function.

7.2
2009-10-30 CVE-2009-3722 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

The handle_dr function in arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 2.6.31.1 does not properly verify the Current Privilege Level (CPL) before accessing a debug register, which allows guest OS users to cause a denial of service (trap) on the host OS via a crafted application.

7.1

34 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-10-26 CVE-2009-3785 Drupal
Sjoerd Arendsen
Cross-Site Request Forgery (CSRF) vulnerability in Sjoerd Arendsen Simplenews Statistics

Multiple cross-site request forgery (CSRF) vulnerabilities in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allow remote attackers to hijack the authentication of arbitrary users via unknown vectors.

6.8
2009-10-26 CVE-2009-3784 Drupal
Sjoerd Arendsen
Cross-Site Request Forgery (CSRF) vulnerability in Sjoerd Arendsen Simplenews Statistics

Open redirect vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

6.8
2009-10-27 CVE-2009-3814 Runcms Code Injection vulnerability in Runcms 2M1

Static code injection vulnerability in RunCMS 2M1 allows remote authenticated administrators to execute arbitrary PHP code via the "Filter/Banning" feature, as demonstrated by modifying modules/system/cache/bademails.php using the "Prohibited: Emails" action, and other unspecified filters.

6.5
2009-10-27 CVE-2009-3813 Runcms SQL Injection vulnerability in Runcms 2M1

Multiple SQL injection vulnerabilities in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via the (1) forum parameter to modules/forum/post.php and possibly (2) forum_id variable to modules/forum/class/class.permissions.php.

6.5
2009-10-27 CVE-2009-3804 Runcms SQL Injection vulnerability in Runcms 2M1

Multiple SQL injection vulnerabilities in modules/forum/post.php in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via (1) the pid parameter, which is not properly handled by the store function in modules/forum/class/class.forumposts.php, or (2) the topic_id parameter.

6.5
2009-10-30 CVE-2009-3832 Opera
Opera Software
Microsoft
Improper Input Validation vulnerability in multiple products

Opera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user interface, which allows remote attackers to spoof the address field via a crafted web site.

5.8
2009-10-28 CVE-2009-3639 Proftpd Cryptographic Issues vulnerability in Proftpd

The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate, which allows remote attackers to bypass intended client-hostname restrictions via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

5.8
2009-10-30 CVE-2009-3830 Microsoft Improper Input Validation vulnerability in Microsoft Sharepoint Server 2007

The download functionality in Team Services in Microsoft Office SharePoint Server 2007 12.0.0.4518 and 12.0.0.6219 allows remote attackers to read ASP.NET source code via pathnames in the SourceUrl and Source parameters to _layouts/download.aspx.

5.0
2009-10-30 CVE-2009-3551 Wireshark Numeric Errors vulnerability in Wireshark 1.2/1.2.0/1.2.1

Off-by-one error in the dissect_negprot_response function in packet-smb.c in the SMB dissector in Wireshark 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace.

5.0
2009-10-30 CVE-2009-3549 Wireshark
SUN
Improper Input Validation vulnerability in Wireshark 1.2/1.2.0/1.2.1

packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through 1.2.2, on SPARC and certain other platforms, allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace.

5.0
2009-10-30 CVE-2009-3828 Everfocus Improper Authentication vulnerability in Everfocus Edr1600

The web interface for Everfocus EDR1600 DVR allows remote attackers to bypass authentication and access live cams via certain vectors.

5.0
2009-10-29 CVE-2009-3626 Perl Remote Denial of Service vulnerability in Perl 5.10.1

Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a UTF-8 character with a large, invalid codepoint, which is not properly handled during a regular-expression match.

5.0
2009-10-29 CVE-2009-3370 Mozilla Unspecified vulnerability in Mozilla Firefox

Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard events that leverage the auto-fill feature to populate form fields, in an attacker-readable form, with history entries.

5.0
2009-10-28 CVE-2009-3826 Squidguard Buffer Errors vulnerability in Squidguard 1.4

Multiple buffer overflows in squidGuard 1.4 allow remote attackers to bypass intended URL blocking via a long URL, related to (1) the relationship between a certain buffer size in squidGuard and a certain buffer size in Squid and (2) a redirect URL that contains information about the originally requested URL.

5.0
2009-10-28 CVE-2009-3700 Squidguard Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Squidguard 1.3/1.4

Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows remote attackers to cause a denial of service (application hang or loss of blocking functionality) via a long URL with many / (slash) characters, related to "emergency mode."

5.0
2009-10-27 CVE-2009-3815 Runcms Information Exposure vulnerability in Runcms 2M1

RunCMS 2M1, when running with certain error_reporting levels, allows remote attackers to obtain sensitive information via (1) the op[] parameter to modules/contact/index.php or (2) uid[] parameter to userinfo.php, which leaks the installation path in an error message when these parameters are used in a call to the preg_match function.

5.0
2009-10-27 CVE-2009-3802 Amirocms Improper Input Validation vulnerability in Amirocms Amiro.Cms

Amiro.CMS 5.4.0.0 and earlier allows remote attackers to obtain sensitive information via an invalid loginname ("%%%") to _admin/index.php, which reveals the installation path and other information in an error message.

5.0
2009-10-26 CVE-2009-3787 Vivvo Path Traversal vulnerability in Vivvo 4.1.5.1

files.php in Vivvo CMS 4.1.5.1 allows remote attackers to conduct directory traversal attacks and read arbitrary files via the file parameter with "logs/" in between two .

5.0
2009-10-29 CVE-2009-3640 Linux Improper Input Validation vulnerability in Linux Kernel

The update_cr8_intercept function in arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel before 2.6.32-rc1 does not properly handle the absence of an Advanced Programmable Interrupt Controller (APIC), which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via a call to the kvm_vcpu_ioctl function.

4.9
2009-10-30 CVE-2009-3550 Wireshark Multiple vulnerability in Wireshark 1.2.2 and 1.0.9

The DCERPC/NT dissector in Wireshark 0.10.10 through 1.0.9 and 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a file that records a malformed packet trace.

4.3
2009-10-29 CVE-2009-3627 Derrick Oswald Improper Input Validation vulnerability in Derrick Oswald Html-Parser

The decode_entities function in util.c in HTML-Parser before 3.63 allows context-dependent attackers to cause a denial of service (infinite loop) via an incomplete SGML numeric character reference, which triggers generation of an invalid UTF-8 character.

4.3
2009-10-29 CVE-2009-3375 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox

content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function.

4.3
2009-10-28 CVE-2009-3641 Snort Denial Of Service vulnerability in Snort

Snort before 2.8.5.1, when the -v option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted IPv6 packet that uses the (1) TCP or (2) ICMP protocol.

4.3
2009-10-28 CVE-2009-3823 Ac4P Path Traversal vulnerability in Ac4P Mobilelib Gold 3.0

Directory traversal vulnerability in myhtml.php in Mobilelib GOLD 3.0, when magic_quotes_gpc is enabled, allows remote attackers to read arbitrary files via a ..

4.3
2009-10-28 CVE-2009-3821 Typo3
Apache
Cross-Site Scripting vulnerability in Apache Solr 1.0.0

Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-10-28 CVE-2009-3816 IBM Cross-Site Scripting vulnerability in IBM Lotus Connections 2.5.0.0

Multiple cross-site scripting (XSS) vulnerabilities in Activities pages in the Mobile subsystem in IBM Lotus Connections 2.5.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-10-27 CVE-2009-3809 Acoustica Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Acoustica MP3 Audio Mixer 1.0/2.471

Acoustica MP3 Audio Mixer 1.0 and possibly 2.471 allows remote attackers to cause a denial of service (crash) via a long string in a .sgp playlist file.

4.3
2009-10-27 CVE-2009-3805 KDE Apps
Gpg4Win
Remote Denial of Service vulnerability in Gpg4Win 2.0.1

gpg2.exe in Gpg4win 2.0.1, as used in KDE Kleopatra 2.0.11, allows remote attackers to cause a denial of service (application crash) via a long certificate signature.

4.3
2009-10-27 CVE-2009-3803 Amirocms Cross-Site Scripting vulnerability in Amirocms Amiro.Cms

Multiple cross-site scripting (XSS) vulnerabilities in Amiro.CMS 5.4.0.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the status_message parameter to (1) /news, (2) /comment, (3) /forum, (4) /blog, and (5) /tags; the status_message parameter to (6) forum.php, (7) discussion.php, (8) guestbook.php, (9) blog.php, (10) news.php, (11) srv_updates.php, (12) srv_backups.php, (13) srv_twist_prevention.php, (14) srv_tags.php, (15) srv_tags_reindex.php, (16) google_sitemap.php, (17) sitemap_history.php, (18) srv_options.php, (19) locales.php and (20) plugins_wizard.php in _admin/; a crafted IMG BBcode tag in the message body of a (21) forum, (22) guestbook, or (23) comment; (24) the content of an avatar file, which is not properly handled by Internet Explorer; and (25) the loginname parameter (aka username) in _admin/index.php.

4.3
2009-10-26 CVE-2009-3789 Opendocman Cross-Site Scripting vulnerability in Opendocman 1.2.5

Multiple cross-site scripting (XSS) vulnerabilities in OpenDocMan 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the last_message parameter to (1) add.php, (2) toBePublished.php, (3) index.php, and (4) admin.php; the PATH_INFO to the default URI to (5) category.php, (6) department.php, (7) profile.php, (8) rejects.php, (9) search.php, (10) toBePublished.php, (11) user.php, and (12) view_file.php; and (13) the caller parameter in a Modify User action to user.php.

4.3
2009-10-26 CVE-2009-3786 Moshe Weitzman
Drupal
Cross-Site Scripting vulnerability in Moshe Weitzman OG Vocab 5.X1.0/5.X1.Xdev

Cross-site scripting (XSS) vulnerability in Organic Groups (OG) Vocabulary 5.x before 5.x-1.1 and 6.x before 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the group title.

4.3
2009-10-26 CVE-2009-3783 Drupal
Sjoerd Arendsen
Cross-Site Scripting vulnerability in Sjoerd Arendsen Simplenews Statistics

Cross-site scripting (XSS) vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vector.

4.3
2009-10-26 CVE-2009-3780 Drupal
Ashok Modi
Cross-Site Scripting vulnerability in Ashok Modi Abuse 5.X1.0/5.X1.Xdev/5.X2.Xdev

Cross-site scripting (XSS) vulnerability in Abuse 5.x before 5.x-2.1 and 6.x before 6.x-1.1-alpha1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-10-26 CVE-2009-3779 Drupal
Stefan Auditor
Cross-Site Scripting vulnerability in Stefan Auditor Vcard

Cross-site scripting (XSS) vulnerability in vCard 5.x before 5.x-1.4 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the addition of the theme_vcard function to a theme and the use of default content.

4.3

2 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-10-26 CVE-2009-3611 LE WEB Permissions, Privileges, and Access Controls vulnerability in Le-Web Backintime 0.9.26

common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes certain permissions to 0777 before deleting the files in an old backup snapshot, which allows local users to obtain sensitive information by reading these files, or interfere with backup integrity by modifying files that are shared across snapshots.

3.6
2009-10-26 CVE-2009-3782 Drupal
2Bits
Information Exposure vulnerability in 2Bits Userpoints 6.X1.0/6.X1.Xdev

Unspecified vulnerability in Userpoints 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with "View own userpoints" permissions to read the userpoint data of arbitrary users via unknown attack vectors.

3.5