Weekly Vulnerabilities Reports > November 23 to 29, 2009

Overview

84 new vulnerabilities were reported during this period, including 14 critical vulnerabilities and 20 high severity vulnerabilities. This weekly summary reports vulnerabilities in 71 products from 60 vendors including Drupal, PHP, Joomla, Pear, and Telepark. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Input Validation", "Code Injection", "SQL Injection", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".

  • 77 reported vulnerabilities are remotely exploitable.
  • 11 reported vulnerabilities have a public exploit available.
  • 32 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 78 reported vulnerabilities are exploitable by an anonymous user.
  • Drupal has the most reported vulnerabilities, with 6 reported vulnerabilities.
  • Mozilla has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:

14 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-11-29 CVE-2009-4025 Pear OS Command Injection vulnerability in Pear 0.11/0.20/0.21

Argument injection vulnerability in the traceroute function in Traceroute.php in the Net_Traceroute package before 0.21.2 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter.

10.0
2009-11-29 CVE-2009-4024 Pear Code Injection vulnerability in Pear

Argument injection vulnerability in the ping function in Ping.php in the Net_Ping package before 2.4.5 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter.

10.0
2009-11-24 CVE-2009-4072 Opera Remote Security vulnerability in Opera Web Browser

Unspecified vulnerability in Opera before 10.10 has unknown impact and attack vectors, related to a "moderately severe issue."

10.0
2009-11-24 CVE-2009-3843 HP Permissions, Privileges, and Access Controls vulnerability in HP Operations Manager 8.10

HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.

10.0
2009-11-29 CVE-2009-4107 Amplusnet Buffer Errors vulnerability in Amplusnet Invisible Browsing 5.0.52

Buffer overflow in Invisible Browsing 5.0.52 allows user-assisted remote attackers to execute arbitrary code via a crafted .ibkey file containing a long string.

9.3
2009-11-29 CVE-2009-4103 Robo FTP Buffer Errors vulnerability in Robo-Ftp 3.6.17

Buffer overflow in Robo-FTP 3.6.17, and possibly other versions, allows remote FTP servers to cause a denial of service and possibly execute arbitrary code via unspecified FTP server responses.

9.3
2009-11-29 CVE-2009-4102 Sage Mozdev, Mozilla Improper Input Validation vulnerability in multiple products

Sage 1.4.3 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed.

9.3
2009-11-29 CVE-2009-4101 Didier Ernotte, Mozilla Improper Input Validation vulnerability in Didier Ernotte Inforss

infoRSS 1.1.4.2 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed.

9.3
2009-11-29 CVE-2009-4100 Yoono, Mozilla Improper Input Validation vulnerability in Yoono

Yoono extension before 6.1.1 for Firefox performs certain operations with chrome privileges, which allows user-assisted remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via DOM event handlers such as onload.

9.3
2009-11-29 CVE-2009-4097 Malsmith Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Malsmith Serenity Audio Player

Stack-based buffer overflow in the MplayInputFile function in Serenity Audio Player 3.2.3 and earlier allows remote attackers to execute arbitrary code via a long URL in an M3U file.

9.3
2009-11-25 CVE-2009-3033 Symantec Buffer Errors vulnerability in Symantec products

Buffer overflow in the RunCmd method in the Altiris eXpress NS Console Utilities ActiveX control in AeXNSConsoleUtilities.dll in the web console in Symantec Altiris Deployment Solution 6.9.x, Altiris Notification Server 6.0.x, and Management Platform 7.0.x allows remote attackers to execute arbitrary code via a long string in the second argument.

9.3
2009-11-24 CVE-2009-3578 Autodesk Code Injection vulnerability in Autodesk Alias Wavefront Maya and Autodesk Maya

Autodesk Maya 8.0, 8.5, 2008, 2009, and 2010 and Alias Wavefront Maya 6.5 and 7.0 allow remote attackers to execute arbitrary code via a (1) .ma or (2) .mb file that uses the Maya Embedded Language (MEL) python command or unspecified other MEL commands, related to "Script Nodes."

9.3
2009-11-24 CVE-2009-3577 Autodesk Code Injection vulnerability in Autodesk 3DS MAX

Autodesk 3D Studio Max (3DSMax) 6 through 9 and 2008 through 2010 allows remote attackers to execute arbitrary code via a .max file with a MAXScript statement that calls the DOSCommand method, related to "application callbacks."

9.3
2009-11-24 CVE-2009-3576 Autodesk Code Injection vulnerability in Autodesk Softimage and Autodesk Softimage XSI

Autodesk Softimage 7.x and Softimage XSI 6.x allow remote attackers to execute arbitrary JavaScript code via a scene package containing a Scene Table of Contents (aka .scntoc) file with a Script_Content element, as demonstrated by code that loads the WScript.Shell ActiveX control.

9.3

20 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-11-29 CVE-2009-4031 Linux Improper Input Validation vulnerability in Linux Kernel

The do_insn_fetch function in arch/x86/kvm/emulate.c in the x86 emulator in the KVM subsystem in the Linux kernel before 2.6.32-rc8-next-20091125 tries to interpret instructions that contain too many bytes to be valid, which allows guest OS users to cause a denial of service (increased scheduling latency) on the host OS via unspecified manipulations related to SMP support.

7.8
2009-11-29 CVE-2009-4106 Ohloh Improper Input Validation vulnerability in Ohloh Agoko CMS

Unrestricted file upload vulnerability in admintools/editpage-2.php in Agoko CMS 0.4 and earlier allows remote attackers to inject and execute arbitrary PHP code via the filename and text parameters.

7.5
2009-11-29 CVE-2009-4104 Joomla, Lyften SQL Injection vulnerability in Lyften COM Lyftenbloggie 1.0.4

SQL injection vulnerability in Lyften Designs LyftenBloggie (com_lyftenbloggie) component 1.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the author parameter to index.php.

7.5
2009-11-29 CVE-2009-4099 G4J Laoneo, Joomla SQL Injection vulnerability in G4J.Laoneo COM Gcalendar 1.1.2/2.1.4

SQL injection vulnerability in the Google Calendar GCalendar (com_gcalendar) component 1.1.2, 2.1.4, and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the gcid parameter.

7.5
2009-11-29 CVE-2009-4096 Scriptlerim Credentials Management vulnerability in Scriptlerim Radio Isetek Scripti 2.5

RADIO istek scripti 2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user credentials via a direct request for estafresgaftesantusyan.inc.

7.5
2009-11-29 CVE-2009-4095 Companionway Improper Authentication vulnerability in Companionway Myphile 1.2.1

myPhile 1.2.1 allows remote attackers to bypass authentication via an empty password.

7.5
2009-11-29 CVE-2009-4094 Joomla, Designforjoomla Code Injection vulnerability in Designforjoomla COM Ezine 2.1

PHP remote file inclusion vulnerability in class/php/d4m_ajax_pagenav.php in the D4J eZine (com_ezine) component 2.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter.

7.5
2009-11-29 CVE-2009-4090 Telepark Improper Input Validation vulnerability in Telepark Telepark.Wiki

Unrestricted file upload vulnerability in ajax/addComment.php in telepark.wiki 2.4.23 and earlier script allows remote attackers to execute arbitrary code by uploading a file with a name containing a NULL byte.

7.5
2009-11-29 CVE-2009-4085 Jabba Laci Code Injection vulnerability in Jabba Laci PHPtraverser 0.8.0

PHP remote file inclusion vulnerability in assets/plugins/mp3_id/mp3_id.php in PHP Traverser 0.8.0 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[BASE] parameter.

7.5
2009-11-29 CVE-2009-4084 E107 SQL Injection vulnerability in E107

SQL injection vulnerability in the search feature in e107 0.7.16 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2009-11-29 CVE-2009-4082 Lanifex Code Injection vulnerability in Lanifex Outreach Project Tool

PHP remote file inclusion vulnerability in forums/Forum_Include/index.php in Outreach Project Tool (OPT) 1.2.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CRM_path parameter.

7.5
2009-11-29 CVE-2009-4023 Pear Code Injection vulnerability in Pear 1.1.14

Argument injection vulnerability in the sendmail implementation of the Mail::Send method (Mail/sendmail.php) in the Mail package 1.1.14 for PEAR allows remote attackers to read and write arbitrary files via a crafted $from parameter, a different vector than CVE-2009-4111.

7.5
2009-11-29 CVE-2009-4018 PHP Permissions, Privileges, and Access Controls vulnerability in PHP

The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH environment variable.

7.5
2009-11-24 CVE-2009-4070 Gforge SQL Injection vulnerability in Gforge 4.5.14/4.7.3

SQL injection vulnerability in GForge 4.5.14, 4.7.3, and possibly other versions allows remote attackers to execute arbitrary SQL commands via unknown vectors.

7.5
2009-11-24 CVE-2009-4060 Cubecart SQL Injection vulnerability in Cubecart

SQL injection vulnerability in includes/content/viewProd.inc.php in CubeCart before 4.3.7 allows remote attackers to execute arbitrary SQL commands via the productId parameter.

7.5
2009-11-24 CVE-2009-4058 Telebidauctionscript SQL Injection vulnerability in Telebidauctionscript Telebid Auction Script

SQL injection vulnerability in allauctions.php in Telebid Auction Script allows remote attackers to execute arbitrary SQL commands via the aid parameter.

7.5
2009-11-24 CVE-2009-4057 Joomla, Inertialfate SQL Injection vulnerability in Inertialfate COM IF Nexus 1.1

SQL injection vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an item action to index.php.

7.5
2009-11-24 CVE-2009-4056 Betsy Path Traversal vulnerability in Betsy CMS 3.5

Directory traversal vulnerability in admin/popup.php in Betsy CMS 3.5 allows remote attackers to include and execute arbitrary local files via a ..

7.5
2009-11-23 CVE-2009-3559 PHP Unspecified vulnerability in PHP 5.3.0

** DISPUTED ** main/streams/plain_wrapper.c in PHP 5.3.x before 5.3.1 does not recognize the safe_mode_include_dir directive, which allows context-dependent attackers to have an unknown impact by triggering the failure of PHP scripts that perform include or require operations, as demonstrated by a script that attempts to perform a require_once on a file in a standard library directory.

7.5
2009-11-23 CVE-2009-4049 Avast Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Avast Antivirus Home and Avast Antivirus Professional

Heap-based buffer overflow in aswRdr.sys (aka the TDI RDR driver) in avast! Home and Professional 4.8.1356.0 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via crafted arguments to IOCTL 0x80002024.

7.2

47 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-11-29 CVE-2009-3736 GNU Local Privilege Escalation vulnerability in GNU Libtool 'libltdl' Library Search Path

ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.

6.9
2009-11-29 CVE-2009-4111 Pear Code Injection vulnerability in Pear Mail 1.1.14/1.2.0B2

Argument injection vulnerability in Mail/sendmail.php in the Mail package 1.1.14, 1.2.0b2, and possibly other versions for PEAR allows remote attackers to read and write arbitrary files via a crafted $recipients parameter, and possibly other parameters, a different vulnerability than CVE-2009-4023.

6.8
2009-11-29 CVE-2009-4092 Simplog Cross-Site Request Forgery (CSRF) vulnerability in Simplog 0.9.3.2

Cross-site request forgery (CSRF) vulnerability in user.php in Simplog 0.9.3.2, and possibly earlier, allows remote attackers to hijack the authentication of administrators and users for requests that change passwords.

6.8
2009-11-29 CVE-2009-4088 Telepark Path Traversal vulnerability in Telepark Telepark.Wiki

Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the css parameter to (1) getjs.php and (2) getcsslocal.php; and include and execute arbitrary local files via the (3) group parameter to upload.php.

6.8
2009-11-25 CVE-2009-4079 Redmine Cross-Site Request Forgery (CSRF) vulnerability in Redmine

Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and earlier allows remote attackers to hijack the authentication of users for requests that delete a ticket via unspecified vectors.

6.8
2009-11-25 CVE-2009-4077 Roundcube Cross-Site Request Forgery (CSRF) vulnerability in Roundcube Webmail

Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that send arbitrary emails via unspecified vectors, a different vulnerability than CVE-2009-4076.

6.8
2009-11-25 CVE-2009-4076 Roundcube Cross-Site Request Forgery (CSRF) vulnerability in Roundcube Webmail

Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that modify user information via unspecified vectors, a different vulnerability than CVE-2009-4077.

6.8
2009-11-24 CVE-2009-4066 Drupal, Paul Beaney Cross-Site Request Forgery (CSRF) vulnerability in multiple products

Multiple cross-site request forgery (CSRF) vulnerabilities in the "My Account" feature in PHPList Integration module 5 before 5.x-1.2 and 6 before 6.x-1.1 for Drupal allow remote attackers to hijack the authentication of arbitrary users via vectors related to (1) subscribing or (2) unsubscribing to mailing lists.

6.8
2009-11-24 CVE-2009-4059 Joomla, Joomclan SQL Injection vulnerability in .Joomclan COM Joomclip

SQL injection vulnerability in the JoomClip (com_joomclip) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a thumbs action to index.php.

6.8
2009-11-23 CVE-2009-3558 PHP Permissions, Privileges, and Access Controls vulnerability in PHP

The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file.

6.8
2009-11-29 CVE-2009-4098 Openx Improper Input Validation vulnerability in Openx

Unrestricted file upload vulnerability in banner-edit.php in OpenX adserver 2.8.1 and earlier allows remote authenticated users with banner / file upload permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an images directory.

6.0
2009-11-24 CVE-2009-4071 Opera Configuration vulnerability in Opera Browser

Opera before 10.10, when exception stacktraces are enabled, places scripting error messages from a web site into variables that can be read by a different web site, which allows remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via unspecified vectors.

5.8
2009-11-29 CVE-2009-4109 Dotnetnuke Information Exposure vulnerability in Dotnetnuke

The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent anonymous users from accessing functionality related to determination of the need for an upgrade, which allows remote attackers to access version information and possibly other sensitive information.

5.0
2009-11-29 CVE-2009-4091 Simplog Permissions, Privileges, and Access Controls vulnerability in Simplog 0.9.3.2

comments.php in Simplog 0.9.3.2, and possibly earlier, does not properly restrict access, which allows remote attackers to edit or delete comments via the (1) edit or (2) del action.

5.0
2009-11-29 CVE-2009-4089 Telepark Improper Authentication vulnerability in Telepark Telepark.Wiki 2.4.23

telepark.wiki 2.4.23 and earlier allows remote attackers to bypass authorization and (1) delete arbitrary pages via a modified pageID parameter to ajax/deletePage.php or (2) delete arbitrary comments via a modified pageID parameter to ajax/deleteComment.php.

5.0
2009-11-29 CVE-2009-4086 Javascript Improper Input Validation vulnerability in Javascript Xerver Http Server 4.31/4.32

CRLF injection vulnerability in Xerver HTTP Server 4.31 and 4.32 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via certain byte sequences at the end of a URL.

5.0
2009-11-25 CVE-2009-4075 SUN Remote Denial Of Service vulnerability in SUN Opensolaris and Solaris

Unspecified vulnerability in the timeout mechanism in sshd in Sun Solaris 10, and OpenSolaris snv_99 through snv_123, allows remote attackers to cause a denial of service (daemon outage) via unknown vectors that trigger a "dangling sshd authentication thread."

5.0
2009-11-24 CVE-2009-4073 Microsoft Information Exposure vulnerability in Microsoft IE

The printing functionality in Microsoft Internet Explorer 8 allows remote attackers to discover a local pathname, and possibly a local username, by reading the dc:title element of a PDF document that was generated from a local web page.

5.0
2009-11-24 CVE-2009-3896 Nginx Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nginx

src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.

5.0
2009-11-24 CVE-2009-4017 PHP Unspecified vulnerability in PHP 5.2.11/5.3.0

PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive.

5.0
2009-11-23 CVE-2009-4051 Downstairs Dnsalias Improper Input Validation vulnerability in Downstairs.Dnsalias Home FTP Server 1.10.1.139

Home FTP Server 1.10.1.139 allows remote attackers to cause a denial of service (daemon outage) via multiple invalid SITE INDEX commands.

5.0
2009-11-23 CVE-2009-4050 Phpmybackuppro Path Traversal vulnerability in PHPmybackuppro 2.1

Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter.

5.0
2009-11-23 CVE-2009-3557 PHP Permissions, Privileges, and Access Controls vulnerability in PHP

The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass safe_mode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments.

5.0
2009-11-25 CVE-2009-4021 Linux Resource Management Errors vulnerability in Linux Kernel

The fuse_direct_io function in fs/fuse/file.c in the fuse subsystem in the Linux kernel before 2.6.32-rc7 might allow attackers to cause a denial of service (invalid pointer dereference and OOPS) via vectors possibly related to a memory-consumption attack.

4.9
2009-11-24 CVE-2009-3898 Nginx Path Traversal vulnerability in Nginx

Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a ..

4.9
2009-11-24 CVE-2009-3897 Dovecot Permissions, Privileges, and Access Controls vulnerability in Dovecot

Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.

4.6
2009-11-29 CVE-2009-4081 DAG Wieers Unspecified vulnerability in Dag.Wieers Dstat

Untrusted search path vulnerability in dstat before r3199 allows local users to gain privileges via a Trojan horse Python module in the current working directory, a different vulnerability than CVE-2009-3894.

4.4
2009-11-29 CVE-2009-3894 DAG Wieers Local Privilege Escalation vulnerability in Dag Wieers Dstat 'sys.path' Search Path

Multiple untrusted search path vulnerabilities in dstat before 0.7.0 allow local users to gain privileges via a Trojan horse Python module in (1) the current working directory or (2) a certain subdirectory of the current working directory.

4.4
2009-11-29 CVE-2009-4110 Dotnetnuke Cross-Site Scripting vulnerability in Dotnetnuke

Cross-site scripting (XSS) vulnerability in the search functionality in DotNetNuke 4.8 through 5.1.4 allows remote attackers to inject arbitrary web script or HTML via search terms that are not properly filtered before display in a custom results page.

4.3
2009-11-29 CVE-2009-4093 Simplog Cross-Site Scripting vulnerability in Simplog 0.9.3.2

Multiple cross-site scripting (XSS) vulnerabilities in comments.php in Simplog 0.9.3.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) cname (Name) or (2) email parameters.

4.3
2009-11-29 CVE-2009-4087 Telepark Cross-Site Scripting vulnerability in Telepark Telepark.Wiki

Cross-site scripting (XSS) vulnerability in index.php in telepark.wiki 2.4.23 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

4.3
2009-11-29 CVE-2009-4083 E107 Cross-Site Scripting vulnerability in E107

Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.16 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) submitnews.php, (2) usersettings.php; and (3) newpost.php, (4) banlist.php, (5) banner.php, (6) cpage.php, (7) download.php, (8) users_extended.php, (9) frontpage.php, (10) links.php, and (11) mailout.php in e107_admin/.

4.3
2009-11-29 CVE-2009-4032 Cacti Cross-Site Scripting vulnerability in Cacti 0.8.7E

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) graph.php, (2) include/top_graph_header.php, (3) lib/html_form.php, and (4) lib/timespan_settings.php, as demonstrated by the (a) graph_end or (b) graph_start parameters to graph.php; (c) the date1 parameter in a tree action to graph_view.php; and the (d) page_refresh and (e) default_dual_pane_width parameters to graph_settings.php.

4.3
2009-11-25 CVE-2009-4078 Redmine Cross-Site Scripting vulnerability in Redmine

Multiple cross-site scripting (XSS) vulnerabilities in Redmine 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-11-25 CVE-2009-4074 Microsoft Cross-Site Scripting Filter Cross-Site Scripting vulnerability in Microsoft IE 8

The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to leverage the "response-changing mechanism" to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, related to the details of output encoding and improper modification of an HTML attribute, aka "XSS Filter Script Handling Vulnerability."

4.3
2009-11-24 CVE-2009-4069 Gforge Cross-Site Scripting vulnerability in Gforge 4.5.14/4.7.3

Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5.14, 4.7.3, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-11-24 CVE-2009-3303 Gforge Cross-Site Scripting vulnerability in Gforge 4.5.14/4.7/4.8.1

Cross-site scripting (XSS) vulnerability in www/help/tracker.php in GForge 4.5.14, 4.7 rc2, and 4.8.1 allows remote attackers to inject arbitrary web script or HTML via the helpname parameter.

4.3
2009-11-24 CVE-2009-4065 Jeff Miccolis, Drupal Cross-Site Scripting vulnerability in Jeff Miccolis Strongarm Module 6.X1.0Beta1/6.X1.0Beta2/6.X1.0Beta3

Cross-site scripting (XSS) vulnerability in the settings page in the Strongarm module 6.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the value field when viewing overridden variables.

4.3
2009-11-24 CVE-2009-4064 Puntolatinoclub, Drupal Cross-Site Scripting vulnerability in Puntolatinoclub Gallery Assist Module 6.X1.5/6.X1.6Beta1/6.X1.6Dev

Cross-site scripting (XSS) vulnerability in the Gallery Assist module 6.x before 6.x-1.7 for Drupal allows remote attackers to inject arbitrary web script or HTML via node titles.

4.3
2009-11-24 CVE-2009-4063 Drupal, Ezra Barnett Gildesgame Cross-Site Scripting vulnerability in Ezra Barnett Gildesgame OG Subgroups

Cross-site scripting (XSS) vulnerability in the Subgroups for Organic Groups (OG) module 5.x before 5.x-4.0 and 5.x before 5.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified node titles.

4.3
2009-11-24 CVE-2009-4062 Drupal, Anon Design Cross-Site Scripting vulnerability in Anon-Design Printfriendly

Multiple cross-site scripting (XSS) vulnerabilities in the Printfriendly module 6.x before 6.x-1.6 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-11-24 CVE-2009-4061 Yuriy Babenko, Drupal Cross-Site Scripting vulnerability in Yuriy Babenko Agreement Module 6.X1.0/6.X1.1/6.X1.Xdev

Multiple cross-site scripting (XSS) vulnerabilities in the Agreement module 6.x before 6.x-1.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-11-23 CVE-2009-4052 IBM Cross-Site Scripting vulnerability in IBM products

Multiple cross-site scripting (XSS) vulnerabilities in the JSF Widget Library Runtime in IBM Rational Application Developer for WebSphere Software before 7.0.0.10 and Rational Software Architect before 7.0.0.10 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) the JSF Tree Control and (2) the JavaScript Resource Servlet.

4.3
2009-11-23 CVE-2009-4047 P HD Cross-Site Scripting vulnerability in P-Hd PHD Help Desk 1.43

Multiple cross-site scripting (XSS) vulnerabilities in PHD Help Desk 1.43 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to area.php; the (2) pagina, (3) sentido, (4) q_registros, and (5) orden parameters to area.php; (6) the q_registros parameter to solic_display.php; (7) the PATH_INFO to area_list.php; (8) the q_registros parameter to area_list.php; (9) the PATH_INFO to atributo.php; the (10) pagina, (11) q_registros, and (12) orden parameters to atributo_list.php; (13) an arbitrary parameter name beginning with "sentido" to atributo_list.php; and (14) the PATH_INFO to caso_insert.php.

4.3
2009-11-29 CVE-2009-4108 Dxm2008 Buffer Errors vulnerability in Dxm2008 XM Easy Personal FTP Server 5.8.0

XM Easy Personal FTP Server 5.8.0 allows remote authenticated users to cause a denial of service (crash) by uploading or creating a large number of files or directories, then performing a LIST command.

4.0
2009-11-23 CVE-2009-4053 Downstairs Dnsalias Path Traversal vulnerability in Downstairs.Dnsalias Home FTP Server 1.10.1.139

Multiple directory traversal vulnerabilities in Home FTP Server 1.10.1.139 allow remote authenticated users to (1) create arbitrary directories via directory traversal sequences in an MKD command or (2) create files with any contents in arbitrary directories via directory traversal sequences in a file upload request.

4.0
2009-11-23 CVE-2009-4048 Dxmsoft Remote Denial of Service vulnerability in Dxmsoft XM Easy Personal FTP Server 5.8.0

Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote authenticated users to cause a denial of service (daemon outage) via an APPE command to one socket in conjunction with a DELE command to a second socket.

4.0

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-11-29 CVE-2009-4105 Typsoft Improper Input Validation vulnerability in Typsoft FTP Server 1.10

TYPSoft FTP Server 1.10 allows remote authenticated users to cause a denial of service (crash) by sending an APPE (append) command immediately followed by a DELE (delete) command without sending file data in between these two commands.

3.5
2009-11-25 CVE-2009-4022 ISC Remote Cache Poisoning vulnerability in ISC BIND 9 DNSSEC Query Response Additional Section

Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.

2.6
2009-11-29 CVE-2009-4080 SUN Local Denial of Service vulnerability in Sun Solaris LDAP Client Configuration Cache Daemon

Multiple unspecified vulnerabilities in ldap_cachemgr (aka the LDAP client configuration cache daemon) in Sun Solaris 9 and 10, and OpenSolaris before snv_78, allow local users to cause a denial of service (daemon crash) via vectors involving multiple serviceSearchDescriptor attributes and a call to the getldap_lookup function, and unspecified other vectors.

2.1