Weekly Vulnerabilities Reports > November 23 to 29, 2009
Overview
78 new vulnerabilities reported during this period, including 14 critical vulnerabilities and 17 high severity vulnerabilities. This weekly summary report vulnerabilities in 70 products from 59 vendors including Drupal, Joomla, Pear, Telepark, and Autodesk. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Input Validation", "SQL Injection", "Code Injection", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".
- 72 reported vulnerabilities are remotely exploitables.
- 11 reported vulnerabilities have public exploit available.
- 31 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 71 reported vulnerabilities are exploitable by an anonymous user.
- Drupal has the most reported vulnerabilities, with 6 reported vulnerabilities.
- Autodesk has the most reported critical vulnerabilities, with 3 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
14 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-11-29 | CVE-2009-4025 | Pear | OS Command Injection vulnerability in Pear 0.11/0.20/0.21 Argument injection vulnerability in the traceroute function in Traceroute.php in the Net_Traceroute package before 0.21.2 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. | 10.0 |
2009-11-29 | CVE-2009-4024 | Pear | Code Injection vulnerability in Pear Argument injection vulnerability in the ping function in Ping.php in the Net_Ping package before 2.4.5 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. | 10.0 |
2009-11-24 | CVE-2009-4072 | Opera | Remote Security vulnerability in Opera Web Browser Unspecified vulnerability in Opera before 10.10 has unknown impact and attack vectors, related to a "moderately severe issue." | 10.0 |
2009-11-24 | CVE-2009-3843 | HP | Permissions, Privileges, and Access Controls vulnerability in HP Operations Manager 8.10 HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload. | 10.0 |
2009-11-29 | CVE-2009-4107 | Amplusnet | Buffer Errors vulnerability in Amplusnet Invisible Browsing 5.0.52 Buffer overflow in Invisible Browsing 5.0.52 allows user-assisted remote attackers to execute arbitrary code via a crafted .ibkey file containing a long string. | 9.3 |
2009-11-29 | CVE-2009-4103 | Robo FTP | Buffer Errors vulnerability in Robo-Ftp 3.6.17 Buffer overflow in Robo-FTP 3.6.17, and possibly other versions, allows remote FTP servers to cause a denial of service and possibly execute arbitrary code via unspecified FTP server responses. | 9.3 |
2009-11-29 | CVE-2009-4102 | Sage Mozdev Mozilla | Improper Input Validation vulnerability in multiple products Sage 1.4.3 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed. | 9.3 |
2009-11-29 | CVE-2009-4101 | Didier Ernotte Mozilla | Improper Input Validation vulnerability in Didier Ernotte Inforss infoRSS 1.1.4.2 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed. | 9.3 |
2009-11-29 | CVE-2009-4100 | Yoono Mozilla | Improper Input Validation vulnerability in Yoono Yoono extension before 6.1.1 for Firefox performs certain operations with chrome privileges, which allows user-assisted remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via DOM event handlers such as onload. | 9.3 |
2009-11-29 | CVE-2009-4097 | Malsmith | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Malsmith Serenity Audio Player Stack-based buffer overflow in the MplayInputFile function in Serenity Audio Player 3.2.3 and earlier allows remote attackers to execute arbitrary code via a long URL in an M3U file. | 9.3 |
2009-11-25 | CVE-2009-3033 | Symantec | Buffer Errors vulnerability in Symantec products Buffer overflow in the RunCmd method in the Altiris eXpress NS Console Utilities ActiveX control in AeXNSConsoleUtilities.dll in the web console in Symantec Altiris Deployment Solution 6.9.x, Altiris Notification Server 6.0.x, and Management Platform 7.0.x allows remote attackers to execute arbitrary code via a long string in the second argument. | 9.3 |
2009-11-24 | CVE-2009-3578 | Autodesk | Code Injection vulnerability in Autodesk Alias Wavefront Maya and Autodesk Maya Autodesk Maya 8.0, 8.5, 2008, 2009, and 2010 and Alias Wavefront Maya 6.5 and 7.0 allow remote attackers to execute arbitrary code via a (1) .ma or (2) .mb file that uses the Maya Embedded Language (MEL) python command or unspecified other MEL commands, related to "Script Nodes." | 9.3 |
2009-11-24 | CVE-2009-3577 | Autodesk | Code Injection vulnerability in Autodesk 3DS MAX Autodesk 3D Studio Max (3DSMax) 6 through 9 and 2008 through 2010 allows remote attackers to execute arbitrary code via a .max file with a MAXScript statement that calls the DOSCommand method, related to "application callbacks." | 9.3 |
2009-11-24 | CVE-2009-3576 | Autodesk | Code Injection vulnerability in Autodesk Softimage and Autodesk Softimage XSI Autodesk Softimage 7.x and Softimage XSI 6.x allow remote attackers to execute arbitrary JavaScript code via a scene package containing a Scene Table of Contents (aka .scntoc) file with a Script_Content element, as demonstrated by code that loads the WScript.Shell ActiveX control. | 9.3 |
17 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-11-29 | CVE-2009-4106 | Ohloh | Improper Input Validation vulnerability in Ohloh Agoko CMS Unrestricted file upload vulnerability in admintools/editpage-2.php in Agoko CMS 0.4 and earlier allows remote attackers to inject and execute arbitrary PHP code via the filename and text parameters. | 7.5 |
2009-11-29 | CVE-2009-4104 | Joomla Lyften | SQL Injection vulnerability in Lyften COM Lyftenbloggie 1.0.4 SQL injection vulnerability in Lyften Designs LyftenBloggie (com_lyftenbloggie) component 1.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the author parameter to index.php. | 7.5 |
2009-11-29 | CVE-2009-4099 | G4J Laoneo Joomla | SQL Injection vulnerability in G4J.Laoneo COM Gcalendar 1.1.2/2.1.4 SQL injection vulnerability in the Google Calendar GCalendar (com_gcalendar) component 1.1.2, 2.1.4, and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the gcid parameter. | 7.5 |
2009-11-29 | CVE-2009-4096 | Scriptlerim | Credentials Management vulnerability in Scriptlerim Radio Isetek Scripti 2.5 RADIO istek scripti 2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user credentials via a direct request for estafresgaftesantusyan.inc. | 7.5 |
2009-11-29 | CVE-2009-4095 | Companionway | Improper Authentication vulnerability in Companionway Myphile 1.2.1 myPhile 1.2.1 allows remote attackers to bypass authentication via an empty password. | 7.5 |
2009-11-29 | CVE-2009-4090 | Telepark | Improper Input Validation vulnerability in Telepark Telepark.Wiki Unrestricted file upload vulnerability in ajax/addComment.php in telepark.wiki 2.4.23 and earlier script allows remote attackers to execute arbitrary code by uploading a file with a name containing a NULL byte. | 7.5 |
2009-11-29 | CVE-2009-4085 | Jabba Laci | Code Injection vulnerability in Jabba Laci PHPtraverser 0.8.0 PHP remote file inclusion vulnerability in assets/plugins/mp3_id/mp3_id.php in PHP Traverser 0.8.0 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[BASE] parameter. | 7.5 |
2009-11-29 | CVE-2009-4084 | E107 | SQL Injection vulnerability in E107 SQL injection vulnerability in the search feature in e107 0.7.16 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2009-11-29 | CVE-2009-4082 | Lanifex | Code Injection vulnerability in Lanifex Outreach Project Tool PHP remote file inclusion vulnerability in forums/Forum_Include/index.php in Outreach Project Tool (OPT) 1.2.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CRM_path parameter. | 7.5 |
2009-11-29 | CVE-2009-4023 | Pear | Code Injection vulnerability in Pear 1.1.14 Argument injection vulnerability in the sendmail implementation of the Mail::Send method (Mail/sendmail.php) in the Mail package 1.1.14 for PEAR allows remote attackers to read and write arbitrary files via a crafted $from parameter, a different vector than CVE-2009-4111. | 7.5 |
2009-11-29 | CVE-2009-4018 | PHP | Permissions, Privileges, and Access Controls vulnerability in PHP The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH environment variable. | 7.5 |
2009-11-24 | CVE-2009-4070 | Gforge | SQL Injection vulnerability in Gforge 4.5.14/4.7.3 SQL injection vulnerability in GForge 4.5.14, 4.7.3, and possibly other versions allows remote attackers to execute arbitrary SQL commands via unknown vectors. | 7.5 |
2009-11-24 | CVE-2009-4060 | Cubecart | SQL Injection vulnerability in Cubecart SQL injection vulnerability in includes/content/viewProd.inc.php in CubeCart before 4.3.7 remote attackers to execute arbitrary SQL commands via the productId parameter. | 7.5 |
2009-11-24 | CVE-2009-4058 | Telebidauctionscript | SQL Injection vulnerability in Telebidauctionscript Telebid Auction Script SQL injection vulnerability in allauctions.php in Telebid Auction Script allows remote attackers to execute arbitrary SQL commands via the aid parameter. | 7.5 |
2009-11-24 | CVE-2009-4057 | Joomla Inertialfate | SQL Injection vulnerability in Inertialfate COM IF Nexus 1.1 SQL injection vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an item action to index.php. | 7.5 |
2009-11-24 | CVE-2009-4056 | Betsy | Path Traversal vulnerability in Betsy CMS 3.5 Directory traversal vulnerability in admin/popup.php in Betsy CMS 3.5 allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2009-11-23 | CVE-2009-4049 | Avast | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Avast Antivirus Home and Avast Antivirus Professional Heap-based buffer overflow in aswRdr.sys (aka the TDI RDR driver) in avast! Home and Professional 4.8.1356.0 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via crafted arguments to IOCTL 0x80002024. | 7.2 |
44 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-11-29 | CVE-2009-3736 | GNU | Local Privilege Escalation vulnerability in GNU Libtool 'libltdl' Library Search Path ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file. | 6.9 |
2009-11-29 | CVE-2009-4111 | Pear | Code Injection vulnerability in Pear Mail 1.1.14/1.2.0B2 Argument injection vulnerability in Mail/sendmail.php in the Mail package 1.1.14, 1.2.0b2, and possibly other versions for PEAR allows remote attackers to read and write arbitrary files via a crafted $recipients parameter, and possibly other parameters, a different vulnerability than CVE-2009-4023. | 6.8 |
2009-11-29 | CVE-2009-4092 | Simplog | Cross-Site Request Forgery (CSRF) vulnerability in Simplog 0.9.3.2 Cross-site request forgery (CSRF) vulnerability in user.php in Simplog 0.9.3.2, and possibly earlier, allows remote attackers to hijack the authentication of administrators and users for requests that change passwords. | 6.8 |
2009-11-29 | CVE-2009-4088 | Telepark | Path Traversal vulnerability in Telepark Telepark.Wiki Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the css parameter to (1) getjs.php and (2) getcsslocal.php; and include and execute arbitrary local files via the (3) group parameter to upload.php. | 6.8 |
2009-11-25 | CVE-2009-4079 | Redmine | Cross-Site Request Forgery (CSRF) vulnerability in Redmine Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and earlier allows remote attackers to hijack the authentication of users for requests that delete a ticket via unspecified vectors. | 6.8 |
2009-11-25 | CVE-2009-4077 | Roundcube | Cross-Site Request Forgery (CSRF) vulnerability in Roundcube Webmail Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that send arbitrary emails via unspecified vectors, a different vulnerability than CVE-2009-4076. | 6.8 |
2009-11-25 | CVE-2009-4076 | Roundcube | Cross-Site Request Forgery (CSRF) vulnerability in Roundcube Webmail Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that modify user information via unspecified vectors, a different vulnerability than CVE-2009-4077. | 6.8 |
2009-11-24 | CVE-2009-4066 | Drupal Paul Beaney | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Multiple cross-site request forgery (CSRF) vulnerabilities in the "My Account" feature in PHPList Integration module 5 before 5.x-1.2 and 6 before 6.x-1.1 for Drupal allow remote attackers to hijack the authentication of arbitrary users via vectors related to (1) subscribing or (2) unsubscribing to mailing lists. | 6.8 |
2009-11-24 | CVE-2009-4059 | Joomla Joomclan | SQL Injection vulnerability in .Joomclan COM Joomclip SQL injection vulnerability in the JoomClip (com_joomclip) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a thumbs action to index.php. | 6.8 |
2009-11-23 | CVE-2009-3558 | PHP | Permissions, Privileges, and Access Controls vulnerability in PHP The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file. | 6.8 |
2009-11-23 | CVE-2009-4053 | Home FTP Server Project | Path Traversal vulnerability in Home FTP Server Project Home FTP Server 1.10.1.139 Multiple directory traversal vulnerabilities in Home FTP Server 1.10.1.139 allow remote authenticated users to (1) create arbitrary directories via directory traversal sequences in an MKD command or (2) create files with any contents in arbitrary directories via directory traversal sequences in a file upload request. | 6.5 |
2009-11-29 | CVE-2009-4098 | Openx | Improper Input Validation vulnerability in Openx Unrestricted file upload vulnerability in banner-edit.php in OpenX adserver 2.8.1 and earlier allows remote authenticated users with banner / file upload permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an images directory. | 6.0 |
2009-11-24 | CVE-2009-4071 | Opera | Configuration vulnerability in Opera Browser Opera before 10.10, when exception stacktraces are enabled, places scripting error messages from a web site into variables that can be read by a different web site, which allows remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via unspecified vectors. | 5.8 |
2009-11-24 | CVE-2009-3897 | Dovecot | Incorrect Permission Assignment for Critical Resource vulnerability in Dovecot Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself. | 5.5 |
2009-11-29 | CVE-2009-4109 | Dotnetnuke | Information Exposure vulnerability in Dotnetnuke The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent anonymous users from accessing functionality related to determination of the need for an upgrade, which allows remote attackers to access version information and possibly other sensitive information. | 5.0 |
2009-11-29 | CVE-2009-4091 | Simplog | Permissions, Privileges, and Access Controls vulnerability in Simplog 0.9.3.2 comments.php in Simplog 0.9.3.2, and possibly earlier, does not properly restrict access, which allows remote attackers to edit or delete comments via the (1) edit or (2) del action. | 5.0 |
2009-11-29 | CVE-2009-4089 | Telepark | Improper Authentication vulnerability in Telepark Telepark.Wiki 2.4.23 telepark.wiki 2.4.23 and earlier allows remote attackers to bypass authorization and (1) delete arbitrary pages via a modified pageID parameter to ajax/deletePage.php or (2) delete arbitrary comments via a modified pageID parameter to ajax/deleteComment.php. | 5.0 |
2009-11-29 | CVE-2009-4086 | Javascript | Improper Input Validation vulnerability in Javascript Xerver Http Server 4.31/4.32 CRLF injection vulnerability in Xerver HTTP Server 4.31 and 4.32 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via certain byte sequences at the end of a URL. | 5.0 |
2009-11-25 | CVE-2009-4075 | SUN | Remote Denial Of Service vulnerability in SUN Opensolaris and Solaris Unspecified vulnerability in the timeout mechanism in sshd in Sun Solaris 10, and OpenSolaris snv_99 through snv_123, allows remote attackers to cause a denial of service (daemon outage) via unknown vectors that trigger a "dangling sshd authentication thread." | 5.0 |
2009-11-24 | CVE-2009-4073 | Microsoft | Information Exposure vulnerability in Microsoft Internet Explorer The printing functionality in Microsoft Internet Explorer 8 allows remote attackers to discover a local pathname, and possibly a local username, by reading the dc:title element of a PDF document that was generated from a local web page. | 5.0 |
2009-11-24 | CVE-2009-3896 | F5 Nginx | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI. | 5.0 |
2009-11-23 | CVE-2009-4051 | Downstairs Dnsalias | Improper Input Validation vulnerability in Downstairs.Dnsalias Home FTP Server 1.10.1.139 Home FTP Server 1.10.1.139 allows remote attackers to cause a denial of service (daemon outage) via multiple invalid SITE INDEX commands. | 5.0 |
2009-11-23 | CVE-2009-4050 | Phpmybackuppro | Path Traversal vulnerability in PHPmybackuppro 2.1 Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter. | 5.0 |
2009-11-23 | CVE-2009-3557 | PHP | Permissions, Privileges, and Access Controls vulnerability in PHP The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass safe_mode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments. | 5.0 |
2009-11-24 | CVE-2009-3898 | F5 Nginx | Path Traversal vulnerability in multiple products Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. | 4.9 |
2009-11-29 | CVE-2009-4081 | DAG Wieers | Unspecified vulnerability in Dag.Wieers Dstat Untrusted search path vulnerability in dstat before r3199 allows local users to gain privileges via a Trojan horse Python module in the current working directory, a different vulnerability than CVE-2009-3894. | 4.4 |
2009-11-29 | CVE-2009-3894 | DAG Wieers | Local Privilege Escalation vulnerability in Dag Wieers Dstat 'sys.path' Search Path Multiple untrusted search path vulnerabilities in dstat before 0.7.0 allow local users to gain privileges via a Trojan horse Python module in (1) the current working directory or (2) a certain subdirectory of the current working directory. | 4.4 |
2009-11-29 | CVE-2009-4110 | Dotnetnuke | Cross-Site Scripting vulnerability in Dotnetnuke Cross-site scripting (XSS) vulnerability in the search functionality in DotNetNuke 4.8 through 5.1.4 allows remote attackers to inject arbitrary web script or HTML via search terms that are not properly filtered before display in a custom results page. | 4.3 |
2009-11-29 | CVE-2009-4093 | Simplog | Cross-Site Scripting vulnerability in Simplog 0.9.3.2 Multiple cross-site scripting (XSS) vulnerabilities in comments.php in Simplog 0.9.3.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) cname (Name) or (2) email parameters. | 4.3 |
2009-11-29 | CVE-2009-4087 | Telepark | Cross-Site Scripting vulnerability in Telepark Telepark.Wiki Cross-site scripting (XSS) vulnerability in index.php in telepark.wiki 2.4.23 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | 4.3 |
2009-11-29 | CVE-2009-4083 | E107 | Cross-Site Scripting vulnerability in E107 Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.16 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) submitnews.php, (2) usersettings.php; and (3) newpost.php, (4) banlist.php, (5) banner.php, (6) cpage.php, (7) download.php, (8) users_extended.php, (9) frontpage.php, (10) links.php, and (11) mailout.php in e107_admin/. | 4.3 |
2009-11-25 | CVE-2009-4078 | Redmine | Cross-Site Scripting vulnerability in Redmine Multiple cross-site scripting (XSS) vulnerabilities in Redmine 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-11-25 | CVE-2009-4074 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 8 The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to leverage the "response-changing mechanism" to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, related to the details of output encoding and improper modification of an HTML attribute, aka "XSS Filter Script Handling Vulnerability." | 4.3 |
2009-11-24 | CVE-2009-4069 | Gforge | Cross-Site Scripting vulnerability in Gforge 4.5.14/4.7.3 Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5.14, 4.7.3, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-11-24 | CVE-2009-3303 | Gforge | Cross-Site Scripting vulnerability in Gforge 4.5.14/4.7/4.8.1 Cross-site scripting (XSS) vulnerability in www/help/tracker.php in GForge 4.5.14, 4.7 rc2, and 4.8.1 allows remote attackers to inject arbitrary web script or HTML via the helpname parameter. | 4.3 |
2009-11-24 | CVE-2009-4065 | Jeff Miccolis Drupal | Cross-Site Scripting vulnerability in Jeff Miccolis Strongarm Module 6.X1.0Beta1/6.X1.0Beta2/6.X1.0Beta3 Cross-site scripting (XSS) vulnerability in the settings page in the Strongarm module 6.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the value field when viewing overridden variables. | 4.3 |
2009-11-24 | CVE-2009-4064 | Puntolatinoclub Drupal | Cross-Site Scripting vulnerability in Puntolatinoclub Gallery Assist Module 6.X1.5/6.X1.6Beta1/6.X1.6Dev Cross-site scripting (XSS) vulnerability in the Gallery Assist module 6.x before 6.x-1.7 for Drupal allows remote attackers to inject arbitrary web script or HTML via node titles. | 4.3 |
2009-11-24 | CVE-2009-4063 | Drupal Ezra Barnett Gildesgame | Cross-Site Scripting vulnerability in Ezra Barnett Gildesgame OG Subgroups Cross-site scripting (XSS) vulnerability in the Subgroups for Organic Groups (OG) module 5.x before 5.x-4.0 and 5.x before 5.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified node titles. | 4.3 |
2009-11-24 | CVE-2009-4062 | Drupal Anon Design | Cross-Site Scripting vulnerability in Anon-Design Printfriendly Multiple cross-site scripting (XSS) vulnerabilities in the Printfriendly module 6.x before 6.x-1.6 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-11-24 | CVE-2009-4061 | Yuriy Babenko Drupal | Cross-Site Scripting vulnerability in Yuriy Babenko Agreement Module 6.X1.0/6.X1.1/6.X1.Xdev Multiple cross-site scripting (XSS) vulnerabilities in the Agreement module 6.x before 6.x-1.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-11-23 | CVE-2009-4052 | IBM | Cross-Site Scripting vulnerability in IBM products Multiple cross-site scripting (XSS) vulnerabilities in the JSF Widget Library Runtime in IBM Rational Application Developer for WebSphere Software before 7.0.0.10 and Rational Software Architect before 7.0.0.10 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) the JSF Tree Control and (2) the JavaScript Resource Servlet. | 4.3 |
2009-11-23 | CVE-2009-4047 | P HD | Cross-Site Scripting vulnerability in P-Hd PHD Help Desk 1.43 Multiple cross-site scripting (XSS) vulnerabilities in PHD Help Desk 1.43 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to area.php; the (2) pagina, (3) sentido, (4) q_registros, and (5) orden parameters to area.php; (6) the q_registros parameter to solic_display.php; (7) the PATH_INFO to area_list.php; (8) the q_registros parameter to area_list.php; (9) the PATH_INFO to atributo.php; the (10) pagina, (11) q_registros, and (12) orden parameters to atributo_list.php; (13) an arbitrary parameter name beginning with "sentido" to atributo_list.php; and (14) the PATH_INFO to caso_insert.php. | 4.3 |
2009-11-29 | CVE-2009-4108 | Dxm2008 | Buffer Errors vulnerability in Dxm2008 XM Easy Personal FTP Server 5.8.0 XM Easy Personal FTP Server 5.8.0 allows remote authenticated users to cause a denial of service (crash) by uploading or creating a large number of files or directories, then performing a LIST command. | 4.0 |
2009-11-23 | CVE-2009-4048 | Dxmsoft | Remote Denial of Service vulnerability in Dxmsoft XM Easy Personal FTP Server 5.8.0 Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote authenticated users to cause a denial of service (daemon outage) via an APPE command to one socket in conjunction with a DELE command to a second socket. | 4.0 |
3 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-11-29 | CVE-2009-4105 | Typsoft | Improper Input Validation vulnerability in Typsoft FTP Server 1.10 TYPSoft FTP Server 1.10 allows remote authenticated users to cause a denial of service (crash) by sending an APPE (append) command immediately followed by a DELE (delete) command without sending file data in between these two commands. | 3.5 |
2009-11-25 | CVE-2009-4022 | ISC | Remote Cache Poisoning vulnerability in ISC BIND 9 DNSSEC Query Response Additional Section Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438. | 2.6 |
2009-11-29 | CVE-2009-4080 | SUN | Local Denial of Service vulnerability in Sun Solaris LDAP Client Configuration Cache Daemon Multiple unspecified vulnerabilities in ldap_cachemgr (aka the LDAP client configuration cache daemon) in Sun Solaris 9 and 10, and OpenSolaris before snv_78, allow local users to cause a denial of service (daemon crash) via vectors involving multiple serviceSearchDescriptor attributes and a call to the getldap_lookup function, and unspecified other vectors. | 2.1 |