Weekly Vulnerabilities Reports > November 16 to 22, 2009
Overview
53 new vulnerabilities were reported during this period, including 7 critical vulnerabilities and 20 high severity vulnerabilities. This weekly summary reports vulnerabilities in 77 products from 50 vendors including Joomla, HP, Drupal, Frontaccounting, and Microsoft. Vulnerabilities are notably categorized as "SQL Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", and "Information Exposure".
- 50 reported vulnerabilities are remotely exploitable.
- 15 reported vulnerabilities have a public exploit available.
- 22 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 46 reported vulnerabilities are exploitable by an anonymous user.
- Joomla has the most reported vulnerabilities, with 5 reported vulnerabilities.
- HP has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report, grouped by severity:
7 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | DESCRIPTION | CVSS |
---|---|---|---|---|---|
2009-11-20 | CVE-2009-3842 | HP | Denial of Service vulnerability in HP products | Unspecified vulnerability on the HP Color LaserJet M3530 Multifunction Printer with firmware 05.058.4 and the Color LaserJet CP3525 Printer with firmware 53.021.2 allows remote attackers to obtain "access to data" or cause a denial of service via unknown vectors. | 10.0 |
2009-11-20 | CVE-2009-4006 | Solarwinds | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Solarwinds Serv-U File Server | Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string. | 10.0 |
2009-11-19 | CVE-2009-3909 | Gimp | Integer Overflow or Wraparound vulnerability in Gimp 2.6.7 | Integer overflow in the read_channel_data function in plug-ins/file-psd/psd-load.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a crafted PSD file that triggers a heap-based buffer overflow. | 9.3 |
2009-11-18 | CVE-2009-3976 | Labtam INC | Buffer Errors vulnerability in Labtam-Inc Proftp 2.9 | Buffer overflow in Labtam ProFTP 2.9 allows remote FTP servers to cause a denial of service (application crash) or execute arbitrary code via a long 220 reply (aka connection greeting or welcome message). | 9.3 |
2009-11-18 | CVE-2009-3969 | Faslo | Buffer Errors vulnerability in Faslo Player 7.0 | Stack-based buffer overflow in Faslo Player 7.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .m3u playlist file. | 9.3 |
2009-11-16 | CVE-2009-3947 | Tandberg | Buffer Errors vulnerability in Tandberg MXP Endpoints F7.0 | Buffer overflow in the FTP service on the Tandberg MXP F7.0 allows remote attackers to cause a denial of service (process crash or device reboot) or possibly execute arbitrary code via a long USER command, as demonstrated by a command ending with many space characters. | 9.3 |
2009-11-17 | CVE-2009-3841 | HP Microsoft | Remote Code Execution vulnerability in HP Discovery and Dependency Mapping Inventory | Unspecified vulnerability in HP Discovery & Dependency Mapping Inventory (DDMI) 2.5x, 7.5x, and 7.60 on Windows allows remote authenticated users to execute arbitrary code via unknown vectors. | 9.0 |
20 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | DESCRIPTION | CVSS |
---|---|---|---|---|---|
2009-11-20 | CVE-2009-4004 | Linux | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel | Buffer overflow in the kvm_vcpu_ioctl_x86_setup_mce function in arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel before 2.6.32-rc7 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a KVM_X86_SETUP_MCE IOCTL request that specifies a large number of Machine Check Exception (MCE) banks. | 7.8 |
2009-11-17 | CVE-2009-3962 | 2Wire | Improper Input Validation vulnerability in 2Wire products | The management interface on the 2wire Gateway 1700HG, 1701HG, 1800HW, 2071, 2700HG, and 2701HG-T with software before 5.29.52 allows remote attackers to cause a denial of service (reboot) via a %0d%0a sequence in the page parameter to the xslt program on TCP port 50001, a related issue to CVE-2006-4523. | 7.8 |
2009-11-20 | CVE-2009-4046 | Frontaccounting | SQL Injection vulnerability in Frontaccounting 2.2 | Multiple SQL injection vulnerabilities in FrontAccounting (FA) 2.2.x before 2.2 RC allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) bank_accounts.php, (2) currencies.php, (3) exchange_rates.php, (4) gl_account_types.php, and (5) gl_accounts.php in gl/manage/; and (6) audit_trail_db.inc, (7) comments_db.inc, (8) inventory_db.inc, (9) manufacturing_db.inc, and (10) references_db.inc in includes/db/. | 7.5 |
2009-11-20 | CVE-2009-4045 | Frontaccounting | SQL Injection vulnerability in Frontaccounting | Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.1.7 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to various .inc and .php files in (1) reporting/, (2) sales/, (3) sales/includes/, (4) sales/includes/db/, (5) sales/inquiry/, (6) sales/manage/, (7) sales/view/, (8) taxes/, and (9) taxes/db/. | 7.5 |
2009-11-20 | CVE-2009-4044 | Bruno Massa Drupal | Permissions, Privileges, and Access Controls vulnerability in Bruno Massa web Services 6.X1.0 | The Web Services module 6.x for Drupal does not perform the expected access control, which allows remote attackers to make unspecified use of an API via unknown vectors. | 7.5 |
2009-11-20 | CVE-2009-4037 | Frontaccounting | SQL Injection vulnerability in Frontaccounting | Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.1.7, and 2.2.x before 2.2 RC, allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) admin/db/users_db.inc, and various other .inc and .php files under (2) admin/, (3) dimensions/, (4) gl/, (5) inventory/, (6) manufacturing/, and (7) purchasing/. | 7.5 |
2009-11-20 | CVE-2009-3553 | Apple Fedoraproject Canonical Debian Redhat | Use After Free vulnerability in multiple products | Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. | 7.5 |
2009-11-18 | CVE-2009-3974 | Invisionpower | SQL Injection vulnerability in Invisioncommunity Invision Power Board 3.0.0/3.0.1/3.0.2 | Multiple SQL injection vulnerabilities in Invision Power Board (IPB or IP.Board) 3.0.0, 3.0.1, and 3.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) search_term parameter to admin/applications/core/modules_public/search/search.php and (2) aid parameter to admin/applications/core/modules_public/global/lostpass.php. | 7.5 |
2009-11-18 | CVE-2009-3973 | Turnkeyarcade | SQL Injection vulnerability in Turnkeyarcade Turnkey Arcade Script | SQL injection vulnerability in index.php in Turnkey Arcade Script allows remote attackers to execute arbitrary SQL commands via the id parameter in a browse action, a different vector than CVE-2008-5629. | 7.5 |
2009-11-18 | CVE-2009-3972 | Joomla Qproje | SQL Injection vulnerability in Qproje COM Siirler 1.2 | SQL injection vulnerability in the Q-Proje Siirler Bileseni (com_siirler) component 1.2 RC for Joomla! allows remote attackers to execute arbitrary SQL commands via the sid parameter in an sdetay action to index.php. | 7.5 |
2009-11-18 | CVE-2009-3971 | Joomla Jtips | SQL Injection vulnerability in Jtips COM Jtips 1.0.7/1.0.9 | SQL injection vulnerability in the jTips (com_jtips) component 1.0.7 and 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the season parameter in a ladder action to index.php. | 7.5 |
2009-11-18 | CVE-2009-3968 | Itechscripts | SQL Injection vulnerability in Itechscripts Itechbids 8.0 | Multiple SQL injection vulnerabilities in ITechBids 8.0 allow remote attackers to execute arbitrary SQL commands via the (1) user_id parameter to feedback.php, (2) cate_id parameter to category.php, (3) id parameter to news.php, and (4) productid parameter to itechd.php. | 7.5 |
2009-11-18 | CVE-2009-3967 | ED Charkow | SQL Injection vulnerability in ED Charkow Supercharged Linking | SQL injection vulnerability in browse.php in Ed Charkow SuperCharged Linking allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2009-11-18 | CVE-2009-3966 | Arcadetradescript | Improper Authentication vulnerability in Arcadetradescript Arcade Trade Script 1.0 | Arcade Trade Script 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the adminLoggedIn cookie to true. | 7.5 |
2009-11-18 | CVE-2009-3965 | Maniacomputer | SQL Injection vulnerability in Maniacomputer New5Starrating 1.0 | SQL injection vulnerability in rating.php in New 5 star Rating 1.0 allows remote attackers to execute arbitrary SQL commands via the det parameter. | 7.5 |
2009-11-18 | CVE-2009-3964 | Joomla Ninjaforge | SQL Injection vulnerability in Ninjaforge COM Ninjamonials 1.1.0 | SQL injection vulnerability in the NinjaMonials (com_ninjacentral) component 1.1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the testimID parameter in a display action to index.php. | 7.5 |
2009-11-17 | CVE-2009-3963 | Xoops | Multiple Unspecified vulnerability in XOOPS Versions Prior to 2.4.0 | Multiple unspecified vulnerabilities in XOOPS before 2.4.0 Final have unknown impact and attack vectors. | 7.5 |
2009-11-17 | CVE-2009-3961 | JOS DE Ruijter | SQL Injection vulnerability in JOS DE Ruijter Superseriousstats | SQL injection vulnerability in user.php in Super Serious Stats (aka superseriousstats) before 1.1.2p1 allows remote attackers to execute arbitrary SQL commands via the uid parameter, related to an "incorrect regexp." NOTE: some of these details are obtained from third party information. | 7.5 |
2009-11-16 | CVE-2009-3949 | Vivaprograms | Permissions, Privileges, and Access Controls vulnerability in Vivaprograms Infinity Script 2.0.0 | cp/profile.php in VivaPrograms Infinity 2.0.5 and earlier does not require administrative authentication for the donewauthor action, which allows remote attackers to create administrative accounts via the name, password, and conf_password parameters. | 7.5 |
2009-11-16 | CVE-2009-3939 | Linux Redhat Canonical Debian Avaya Suse Opensuse | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products | The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file. | 7.1 |
24 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | DESCRIPTION | CVSS |
---|---|---|---|---|---|
2009-11-18 | CVE-2009-3975 | Moagallery | SQL Injection vulnerability in Moagallery MOA 1.1.0/1.2.0 | SQL injection vulnerability in index.php in Moa Gallery 1.1.0 and 1.2.0 allows remote attackers to execute arbitrary SQL commands via the gallery_id parameter in a gallery_view action. | 6.8 |
2009-11-16 | CVE-2009-2746 | IBM | Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere Application Server | Cross-site request forgery (CSRF) vulnerability in the administrative console in the Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 6.8 |
2009-11-18 | CVE-2009-3970 | Phpdirsubmit | SQL Injection vulnerability in PHPdirsubmit PHP DIR Submit | SQL injection vulnerability in index.php in PHP Dir Submit (aka WebsiteSubmitter or Submitter Script) allows remote authenticated users to execute arbitrary SQL commands via the aid parameter in a showarticle action. | 6.5 |
2009-11-16 | CVE-2009-3942 | Martin Lambers | Cryptographic Issues vulnerability in Martin Lambers Msmtp | Martin Lambers msmtp before 1.4.19, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | 6.4 |
2009-11-17 | CVE-2009-3890 | Wordpress | Code Injection vulnerability in Wordpress | Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename. | 6.0 |
2009-11-16 | CVE-2009-3945 | Joomla | Remote Security vulnerability in Joomla! | Unspecified vulnerability in the Front-End Editor in the com_content component in Joomla! before 1.5.15 allows remote authenticated users, with Author privileges, to replace the articles of an arbitrary user via unknown vectors. | 5.5 |
2009-11-20 | CVE-2009-4041 | Usebb | Remote Denial Of Service vulnerability in Usebb 1.0.9 | UseBB 1.0.9 before 1.0.10 allows remote attackers to cause a denial of service (infinite loop) via crafted BBCode tags. | 5.0 |
2009-11-20 | CVE-2005-4882 | Philippe Jounin | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Philippe Jounin Tftpd32 | tftpd in Philippe Jounin Tftpd32 2.74 and earlier, as used in Wyse Simple Imager (WSI) and other products, allows remote attackers to cause a denial of service (daemon crash) via a long filename in a TFTP read (aka RRQ or get) request, a different vulnerability than CVE-2002-2226. | 5.0 |
2009-11-20 | CVE-2009-3386 | Mozilla | Information Exposure vulnerability in Mozilla Bugzilla | Template.pm in Bugzilla 3.3.2 through 3.4.3 and 3.5 through 3.5.1 allows remote attackers to discover the alias of a private bug by reading the (1) Depends On or (2) Blocks field of a related bug. | 5.0 |
2009-11-19 | CVE-2009-3977 | HP | Buffer Errors vulnerability in HP Openview Network Node Manager 7.53 | Multiple buffer overflows in a certain ActiveX control in ActiveDom.ocx in HP OpenView Network Node Manager (OV NNM) 7.53 might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via a long string argument to the (1) DisplayName, (2) AddGroup, (3) InstallComponent, or (4) Subscribe method. | 5.0 |
2009-11-19 | CVE-2009-3840 | HP | Denial of Service vulnerability in HP OpenView Network Node Manager 'ovdbrun.exe' | The embedded database engine service (aka ovdbrun.exe) in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to cause a denial of service (daemon crash) via an invalid Error Code field in a packet. | 5.0 |
2009-11-16 | CVE-2009-3946 | Joomla | Information Exposure vulnerability in Joomla Joomla! | Joomla! before 1.5.15 allows remote attackers to read an extension's XML file, and thereby obtain the extension's version number, via a direct request. | 5.0 |
2009-11-16 | CVE-2009-3944 | RIM | Denial-Of-Service vulnerability in RIM Blackberry 8800 and Blackberry Browser | Research In Motion (RIM) BlackBerry Browser on the BlackBerry 8800 allows remote attackers to cause a denial of service (application hang) via a JavaScript loop that configures the home page by using the setHomePage method and a DHTML behavior property. | 5.0 |
2009-11-16 | CVE-2009-3943 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer | Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through 7.0.6000.16711 allows remote attackers to cause a denial of service (application hang) via a JavaScript loop that configures the home page by using the setHomePage method and a DHTML behavior property. | 5.0 |
2009-11-16 | CVE-2009-3941 | Martin Lambers | Cryptographic Issues vulnerability in Martin Lambers Mpop | Martin Lambers mpop before 1.0.19, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | 5.0 |
2009-11-20 | CVE-2009-4043 | Drupal Patrick Przybilla | Cross-Site Scripting vulnerability in Patrick Przybilla Addtoany | Cross-site scripting (XSS) vulnerability in the AddToAny module 5.x before 5.x-2.4 and 6.x before 6.x-2.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via a node title. | 4.3 |
2009-11-20 | CVE-2009-4042 | Drupal Marek Sotak | Cross-Site Scripting vulnerability in Marek Sotak Rootcandy | Cross-site scripting (XSS) vulnerability in the RootCandy theme 6.x before 6.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via the URI. | 4.3 |
2009-11-20 | CVE-2009-4040 | Phpmyfaq | Cross-Site Scripting vulnerability in PHPmyfaq | Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.0.17 and 2.5.x before 2.5.2, when used with Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the search page. | 4.3 |
2009-11-20 | CVE-2009-4039 | Piwigo | Cross-Site Scripting vulnerability in Piwigo | Cross-site scripting (XSS) vulnerability in Piwigo before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-11-20 | CVE-2009-4038 | NCH | Cross-Site Scripting vulnerability in NCH Axon Virtual PBX 2.10/2.11 | Multiple cross-site scripting (XSS) vulnerabilities in NCH Software Axon Virtual PBX 2.10 and 2.11 allow remote attackers to inject arbitrary web script or HTML via the (1) onok or (2) oncancel parameter to the logon program. | 4.3 |
2009-11-20 | CVE-2005-4883 | Philippe Jounin | Race Condition vulnerability in Philippe Jounin Tftpd32 | Race condition in Philippe Jounin Tftpd32 before 2.80 allows remote attackers to cause a denial of service (daemon crash) via invalid "connect frames." | 4.3 |
2009-11-19 | CVE-2009-3978 | Mozilla | Unspecified vulnerability in Mozilla Firefox | The nsGIFDecoder2::GifWrite function in decoders/gif/nsGIFDecoder2.cpp in libpr0n in Mozilla Firefox before 3.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an animated GIF file with a large image size, a different vulnerability than CVE-2009-3373. | 4.3 |
2009-11-16 | CVE-2009-3950 | Bract | Cross-Site Scripting vulnerability in Bract Suntrack | Multiple cross-site scripting (XSS) vulnerabilities in Bractus SunTrack allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to newprofile.html; the (2) firstname, (3) lastname, and (4) company parameters to signup/signup.html; and the (5) firstname, (6) lastname, and (7) address[0].street1 parameters to contact.html. | 4.3 |
2009-11-16 | CVE-2009-3948 | Cowonamerica | Resource Management Errors vulnerability in Cowonamerica Cowon Media Center-Jetaudio 7.5.3 | JetAudio 7.5.3 COWON Media Center allows remote attackers to cause a denial of service (memory consumption and application crash) via a long string at the end of a .wav file. | 4.3 |
2 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | DESCRIPTION | CVSS |
---|---|---|---|---|---|
2009-11-17 | CVE-2009-3891 | Wordpress | Cross-Site Scripting vulnerability in Wordpress | Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php in WordPress before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML via the s parameter (aka the selection variable). | 3.5 |
2009-11-16 | CVE-2009-3940 | SUN | Unspecified vulnerability in SUN Virtualbox and XVM Virtualbox | Unspecified vulnerability in Guest Additions in Sun xVM VirtualBox 1.6.x and 2.0.x before 2.0.12, 2.1.x, and 2.2.x, and Sun VirtualBox before 3.0.10, allows guest OS users to cause a denial of service (memory consumption) on the guest OS via unknown vectors. | 2.1 |