Weekly Vulnerabilities Reports > November 30 to December 6, 2009

Overview

84 new vulnerabilities were reported during this period, including 14 critical vulnerabilities and 24 high severity vulnerabilities. This weekly summary reports vulnerabilities in 90 products from 69 vendors including Typo3, Cutephp, Korn19, Joomla, and Oracle. Notable vulnerability categories include "Cross-site Scripting", "SQL Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", and "Path Traversal".

  • 71 reported vulnerabilities are remotely exploitable.
  • 14 reported vulnerabilities have a public exploit available.
  • 34 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 74 reported vulnerabilities are exploitable by an anonymous user.
  • Typo3 has the most reported vulnerabilities, with 10 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:

14 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-12-03 CVE-2009-4189 HP Credentials Management vulnerability in HP Operations Manager

HP Operations Manager has a default password of OvW*busr1 for the ovwebusr account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servlet container.

10.0
2009-12-03 CVE-2009-4188 HP Credentials Management vulnerability in HP Operations Dashboard

HP Operations Dashboard has a default password of j2deployer for the j2deployer account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servlet container.

10.0
2009-12-03 CVE-2009-0895 Novell Numeric Errors vulnerability in Novell Edirectory

Integer overflow in Novell eDirectory 8.7.3.x before 8.7.3.10 ftf2 and 8.8.x before 8.8.5.2 allows remote attackers to execute arbitrary code via an NDS Verb 0x1 request containing a large integer value that triggers a heap-based buffer overflow.

10.0
2009-12-04 CVE-2009-4211 SUN / Disa Permissions, Privileges, and Access Controls vulnerability in Disa SRR for Solaris

The U.S.

9.3
2009-12-04 CVE-2009-4201 Assistanttools Buffer Errors vulnerability in Assistanttools MP3 TAG Assistance Professional 2.92

Multiple stack-based buffer overflows in Mp3 Tag Assistant Professional 2.92 build 300 allow remote attackers to execute arbitrary code via an MP3 file with a long string in the (1) ID3v1, (2) ID3v2, or (3) APEv2 metadata field.

9.3
2009-12-04 CVE-2009-4148 Daz3D Code Injection vulnerability in Daz3D DAZ Studio 2.3.3.161/2.3.3.163/3.0.1.135

DAZ Studio 2.3.3.161, 2.3.3.163, and 3.0.1.135 allows remote attackers to execute arbitrary JavaScript code via a (1) .ds, (2) .dsa, (3) .dse, or (4) .dsb file, as demonstrated by code that loads the WScript.Shell ActiveX control, related to a "script injection vulnerability."

9.3
2009-12-04 CVE-2009-4195 Adobe Buffer Errors vulnerability in Adobe Illustrator 13.0.0/14.0.0

Buffer overflow in Adobe Illustrator CS4 14.0.0, CS3 13.0.3 and earlier, and CS3 13.0.0 allows remote attackers to execute arbitrary code via a long DSC comment in an Encapsulated PostScript (.eps) file.

9.3
2009-12-03 CVE-2009-1566 Roxio Numeric Errors vulnerability in Roxio Creator and Easy Media Creator

Integer overflow in Roxio Easy Media Creator 9.0.136, and Roxio Creator 2010 before SP1, might allow remote attackers to execute arbitrary code via an image with crafted dimensions.

9.3
2009-12-03 CVE-2009-4186 Apple / Microsoft Buffer Errors vulnerability in Apple Safari 4.0.3

Stack consumption vulnerability in Apple Safari 4.0.3 on Windows allows remote attackers to cause a denial of service (application crash) via a long URI value (aka url) in the Cascading Style Sheets (CSS) background property.

9.3
2009-12-03 CVE-2009-1567 Larts Buffer Errors vulnerability in Larts Uploader Activex Control 2.2.0.6

Multiple stack-based buffer overflows in the Lateral Arts Photobox uploader ActiveX control 1.x before 1.3, and 2.2.0.6, allow remote attackers to execute arbitrary code via a long URL string for the (1) LogURL, (2) ConnectURL, (3) SkinURL, (4) AlbumCreateURL, (5) ErrorURL, or (6) httpsinglehost property value.

9.3
2009-12-02 CVE-2009-4127 Mozilla / Wikipedia Code Injection vulnerability in Wikipedia Toolbar

Unspecified vulnerability in Wikipedia Toolbar extension before 0.5.9.2 for Firefox allows user-assisted remote attackers to execute arbitrary JavaScript with Chrome privileges via vectors involving unspecified Toolbar buttons and the eval function.

9.3
2009-12-02 CVE-2009-3672 Microsoft Code Injection vulnerability in Microsoft Internet Explorer 6/7

Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory that (1) were not properly initialized or (2) are deleted, which allows remote attackers to execute arbitrary code via vectors involving a call to the getElementsByTagName method for the STYLE tag name, selection of the single element in the returned list, and a change to the outerHTML property of this element, related to Cascading Style Sheets (CSS) and mshtml.dll, aka "HTML Object Memory Corruption Vulnerability." NOTE: some of these details are obtained from third party information.

9.3
2009-12-01 CVE-2009-4117 Sumatrapdfreader Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Sumatrapdfreader Sumatrapdf

Multiple stack-based buffer overflows in pdf_shade4.c in MuPDF before commit 20091125231942, as used in SumatraPDF before 1.0.1, allow remote attackers to cause a denial of service and possibly execute arbitrary code via a /Decode array for certain types of shading that are not properly handled by the (1) pdf_loadtype4shade, (2) pdf_loadtype5shade, (3) pdf_loadtype6shade, and (4) pdf_loadtype7shade functions.

9.3
2009-11-30 CVE-2009-4112 Cacti Permissions, Privileges, and Access Controls vulnerability in Cacti

Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands.

9.0

24 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-12-04 CVE-2009-4020 Linux Buffer Errors vulnerability in Linux Kernel 2.6.32

Stack-based buffer overflow in the hfs subsystem in the Linux kernel 2.6.32 allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c.

7.8
2009-12-03 CVE-2009-4190 SUN Denial-Of-Service vulnerability in SUN Opensolaris 2009.06

Unspecified vulnerability in the kernel in Sun OpenSolaris 2009.06 allows remote attackers to cause a denial of service (panic) via unknown vectors, as demonstrated by the vd_solaris2 module in VulnDisco Pack Professional 8.12.

7.8
2009-12-02 CVE-2009-4026 Linux Remote Denial of Service vulnerability in Linux Kernel 'net/mac80211/'

The mac80211 subsystem in the Linux kernel before 2.6.32-rc8-next-20091201 allows remote attackers to cause a denial of service (panic) via a crafted Delete Block ACK (aka DELBA) packet, related to an erroneous "code shuffling patch."

7.8
2009-12-04 CVE-2009-4208 Open School SQL Injection vulnerability in Open-School 1.0

SQL injection vulnerability in the os_news module in Open-school (OS) 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action to index.php.

7.5
2009-12-04 CVE-2009-4206 Cmsnx SQL Injection vulnerability in Cmsnx Million Dollar Text Links

SQL injection vulnerability in admin.link.modify.php in Million Dollar Text Links 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2009-12-04 CVE-2009-4205 Ringsworld Path Traversal vulnerability in Ringsworld Flashlight Free Edition

Directory traversal vulnerability in admin.php in Flashlight Free Edition allows remote attackers to include and execute arbitrary local files via a ..

7.5
2009-12-04 CVE-2009-4204 Ringsworld SQL Injection vulnerability in Ringsworld Flashlight Free Edition

SQL injection vulnerability in read.php in Flashlight Free Edition allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2009-12-04 CVE-2009-4203 Arabportal SQL Injection vulnerability in Arabportal Arab Portal 2.2

Multiple SQL injection vulnerabilities in admin/aclass/admin_func.php in Arab Portal 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) X-Forwarded-For or (2) Client-IP HTTP header in a request to the default URI under admin/.

7.5
2009-12-04 CVE-2009-4202 Joomla / Omilenitsolutions Path Traversal vulnerability in Omilenitsolutions COM Omphotogallery 0.5

Directory traversal vulnerability in the Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php.

7.5
2009-12-04 CVE-2009-4200 Vollmar / Joomla SQL Injection vulnerability in Vollmar COM Seminar 1.28

SQL injection vulnerability in the Seminar (com_seminar) component 1.28 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a View_seminar action to index.php.

7.5
2009-12-02 CVE-2009-4166 Michal Hadr / Typo3 SQL Injection vulnerability in Michal Hadr Mchtrips 2.0.0

SQL injection vulnerability in the Trips (mchtrips) extension 2.0.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2009-12-02 CVE-2009-4165 Simple Glossar / Typo3 SQL Injection vulnerability in Simple Glossar Simple Glossar 1.0.3

SQL injection vulnerability in the simple Glossar (simple_glossar) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2009-12-02 CVE-2009-4163 TW Productfinder / Typo3 SQL Injection vulnerability in TW Productfinder TW Productfinder

SQL injection vulnerability in the TW Productfinder (tw_productfinder) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2009-12-02 CVE-2009-4158 Typo3 / Mario Matzulla SQL Injection vulnerability in Mario Matzulla CAL

SQL injection vulnerability in the Calendar Base (cal) extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2009-12-02 CVE-2009-4156 Ciamos Code Injection vulnerability in Ciamos CMS 0.9/0.9.2

PHP remote file inclusion vulnerability in modules/pms/index.php in Ciamos CMS 0.9.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_path parameter.

7.5
2009-12-02 CVE-2009-4155 Eshopbuilder SQL Injection vulnerability in Eshopbuilder Eshopbuilde CMS

Multiple SQL injection vulnerabilities in Eshopbuilde CMS allow remote attackers to execute arbitrary SQL commands via the sitebid parameter to (1) home-f.asp and (2) opinions-f.asp; (3) sitebid, (4) id, (5) secText, (6) client-ip, and (7) G_id parameters to more-f.asp; (8) sitebid, (9) id, (10) ma_id, (11) mi_id, (12) secText, (13) client-ip, and (14) G_id parameters to selectintro.asp; (15) sitebid, (16) secText, (17) adv_code, and (18) client-ip parameters to advcount.asp; (19) sitebid, (20) secText, (21) Grp_Code, (22) _method, and (23) client-ip parameters to advview.asp; and (24) sitebid, (25) secText, (26) newsId, and (27) client-ip parameters to dis_new-f.asp.

7.5
2009-12-02 CVE-2009-4153 IBM Cross-Site Scripting vulnerability in IBM Websphere Portal 6.1.0.0/6.1.0.1/6.1.0.2

Unspecified vulnerability in the XMLAccess component in IBM WebSphere Portal 6.1.x before 6.1.0.3 has unknown impact and attack vectors, related to the work directory.

7.5
2009-12-03 CVE-2009-4191 SUN Local Security vulnerability in Solaris

Unspecified vulnerability in the kernel in Sun Solaris 10 and OpenSolaris 2009.06 on the x86-64 platform allows local users to gain privileges via unknown vectors, as demonstrated by the vd_sol_local module in VulnDisco Pack Professional 8.12.

7.2
2009-12-02 CVE-2009-4147 Freebsd Permissions, Privileges, and Access Controls vulnerability in Freebsd 7.1/8.0

The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1 and 8.0 does not clear the (1) LD_LIBMAP, (2) LD_LIBRARY_PATH, (3) LD_LIBMAP_DISABLE, (4) LD_DEBUG, and (5) LD_ELF_HINTS_PATH environment variables, which allows local users to gain privileges by executing a setuid or setguid program with a modified variable containing an untrusted search path that points to a Trojan horse library, different vectors than CVE-2009-4146.

7.2
2009-12-02 CVE-2009-4146 Freebsd Permissions, Privileges, and Access Controls vulnerability in Freebsd 7.1/7.2/8.0

The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1, 7.2, and 8.0 does not clear the LD_PRELOAD environment variable, which allows local users to gain privileges by executing a setuid or setguid program with a modified LD_PRELOAD variable containing an untrusted search path that points to a Trojan horse library, a different vector than CVE-2009-4147.

7.2
2009-12-02 CVE-2009-4162 Mauro Lorenzutti / Typo3 Local Security vulnerability in Mauro Lorenzutti Wfqbe 1.3.1

Unspecified vulnerability in the DB Integration (wfqbe) extension 1.3.1 and earlier for TYPO3 allows local users to execute arbitrary commands via unspecified vectors.

7.2
2009-12-02 CVE-2009-2686 HP Unspecified vulnerability in HP Nonstop Server

Unspecified vulnerability in HP NonStop G06.12.00 through G06.32.00, H06.08.00 through H06.18.01, and J06.04.00 through J06.07.01 allows local users to gain privileges, cause a denial of service, or obtain "access to data" via unknown vectors.

7.2
2009-12-01 CVE-2009-4128 GNU Improper Authentication vulnerability in GNU Grub 2 1.97

GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion of a password with the actual password, which makes it easier for physically proximate attackers to conduct brute force attacks and bypass authentication by submitting a password whose length is 1.

7.2
2009-12-02 CVE-2009-4027 Linux Race Condition vulnerability in Linux Kernel

Race condition in the mac80211 subsystem in the Linux kernel before 2.6.32-rc8-next-20091201 allows remote attackers to cause a denial of service (system crash) via a Delete Block ACK (aka DELBA) packet that triggers a certain state change in the absence of an aggregation session.

7.1

40 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-12-04 CVE-2009-4199 Mamboforge / Joomla / Mambo Foundation SQL Injection vulnerability in Mamboforge COM Mosres 1.0F

Multiple SQL injection vulnerabilities in the Mambo Resident (aka Mos Res or com_mosres) component 1.0f for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) property_uid parameter in a viewproperty action to index.php and the (2) regID parameter in a showregion action to index.php.

6.8
2009-12-04 CVE-2009-2631 Aladdin / Cisco / Sonicwall / Stonesoft Permissions, Privileges, and Access Controls vulnerability in multiple products

Multiple clientless SSL VPN products that run in web browsers, including Stonesoft StoneGate; Cisco ASA; SonicWALL E-Class SSL VPN and SonicWALL SSL VPN; SafeNet SecureWire Access Gateway; Juniper Networks Secure Access; Nortel CallPilot; Citrix Access Gateway; and other products, when running in configurations that do not restrict access to the same domain as the VPN, retrieve the content of remote URLs from one domain and rewrite them so they originate from the VPN's domain, which violates the same origin policy and allows remote attackers to conduct cross-site scripting attacks, read cookies that originated from other domains, access the Web VPN session to gain access to internal resources, perform key logging, and conduct other attacks.

6.8
2009-12-02 CVE-2009-4173 Cutephp / Korn19 Cross-Site Request Forgery (CSRF) vulnerability in multiple products

Cross-site request forgery (CSRF) vulnerability in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to hijack the authentication of administrators for requests that create new users, including a new administrator, via an adduser action in the editusers module in index.php.

6.8
2009-12-01 CVE-2009-4121 Opensolution Cross-Site Request Forgery (CSRF) vulnerability in Opensolution Quick.Cms and Quick.Cms.Lite

Multiple cross-site request forgery (CSRF) vulnerabilities in Quick.CMS 2.4 and Quick.CMS.Lite 2.4 allow remote attackers to hijack the authentication of the administrator for requests that (1) delete web pages via a p-delete action to admin.php, and possibly (2) delete products or (3) delete orders via unspecified vectors.

6.8
2009-12-01 CVE-2009-4120 Opensolution Cross-Site Request Forgery (CSRF) vulnerability in Opensolution Quick.Cart 3.4

Multiple cross-site request forgery (CSRF) vulnerabilities in Quick.Cart 3.4 allow remote attackers to hijack the authentication of the administrator for requests that (1) delete orders via an orders-delete action to admin.php, and possibly (2) delete products or (3) delete pages via unspecified vectors.

6.8
2009-11-30 CVE-2009-4028 Mysql / Oracle Improper Input Validation vulnerability in multiple products

The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library.

6.8
2009-12-04 CVE-2009-4198 Cupidsystems SQL Injection vulnerability in Cupidsystems Myminibill

SQL injection vulnerability in my_orders.php in MyMiniBill allows remote authenticated users to execute arbitrary SQL commands via the orderid parameter in a status action.

6.5
2009-11-30 CVE-2009-4115 Cutephp Code Injection vulnerability in Cutephp Cutenews 1.4.6

Multiple static code injection vulnerabilities in the Categories module in CutePHP CuteNews 1.4.6 allow remote authenticated users with application administrative privileges to inject arbitrary PHP code into data/category.db.php via the (1) category and (2) Icon URL fields; or (3) inject arbitrary PHP code into data/ipban.php via the add_ip parameter.

6.5
2009-11-30 CVE-2009-4113 Cutephp / Korn19 Code Injection vulnerability in multiple products

Static code injection vulnerability in the Categories module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote authenticated users with application administrative privileges to inject arbitrary PHP code into data/category.db.php via the Category Access field.

6.5
2009-12-02 CVE-2009-4167 Lukas Taferner / Typo3 Unspecified vulnerability in Lukas Taferner IT Basetag 1.0.0

Unspecified vulnerability in the Automatic Base Tags for RealUrl (lt_basetag) extension 1.0.0 for TYPO3 allows remote attackers to conduct "Cache spoofing" attacks via unspecified vectors.

6.4
2009-12-01 CVE-2009-2626 PHP Information Disclosure vulnerability in PHP 'ini_restore()' Memory

The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable.

6.4
2009-12-03 CVE-2009-4194 Kmint21 Path Traversal vulnerability in Kmint21 Golden FTP Server 4.30/4.50

Directory traversal vulnerability in Golden FTP Server 4.30 Free and Professional, 4.50, and possibly other versions allows remote authenticated users to delete arbitrary files via a ..

6.0
2009-12-02 CVE-2009-4174 Cutephp / Korn19 Permissions, Privileges, and Access Controls vulnerability in multiple products

The editnews module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b, when magic_quotes_gpc is disabled, allows remote authenticated users with Journalist or Editor access to bypass administrative moderation and edit previously submitted articles via a modified id parameter in a doeditnews action.

6.0
2009-11-30 CVE-2008-7247 Mysql / Oracle Link Following vulnerability in multiple products

sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink.

6.0
2009-12-02 CVE-2009-4151 Bestpractical Improper Authentication vulnerability in Bestpractical RT

Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages "HTTP access to the RT server," a related issue to CVE-2009-3585.

5.8
2009-12-02 CVE-2009-3585 Bestpractical Improper Authentication vulnerability in Bestpractical RT

Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages a second web server within the same domain.

5.8
2009-12-04 CVE-2009-3560 James Clark Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in James Clark Expat 2.0.1

The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.

5.0
2009-12-03 CVE-2009-4192 Interspire Path Traversal vulnerability in Interspire Knowledge Manager 5

Directory traversal vulnerability in dialog/file_manager.php in Interspire Knowledge Manager 5 allows remote attackers to read arbitrary files via a ..

5.0
2009-12-02 CVE-2009-4175 Cutephp / Korn19 Information Exposure vulnerability in multiple products

CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to obtain sensitive information via an invalid date value in the from_date_day parameter to search.php, which reveals the installation path in an error message.

5.0
2009-12-02 CVE-2009-4170 Wordpress / Roytanck Information Exposure vulnerability in Roytanck Wp-Cumulus 1.20

WP-Cumulus Plug-in 1.20 for WordPress, and possibly other versions, allows remote attackers to obtain sensitive information via a crafted request to wp-cumulus.php, probably without parameters, which reveals the installation path in an error message.

5.0
2009-12-02 CVE-2009-4160 Kurt Kunig / Typo3 Information Disclosure vulnerability in TYPO3 Simple download-system (kk_downloader)

Unspecified vulnerability in the Simple download-system with counter and categories (kk_downloader) extension 1.2.1 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors.

5.0
2009-12-02 CVE-2009-4154 Elxis Path Traversal vulnerability in Elxis CMS

Directory traversal vulnerability in includes/feedcreator.class.php in Elxis CMS allows remote attackers to read arbitrary files via a ..

5.0
2009-12-02 CVE-2009-4055 Digium Remote Denial of Service vulnerability in Digium Asterisk and S800I

rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before 1.4.27.1, 1.6.0.x before 1.6.0.19, and 1.6.1.x before 1.6.1.11; Business Edition B.x.x before B.2.5.13, C.2.x.x before C.2.4.6, and C.3.x.x before C.3.2.3; and s800i 1.3.x before 1.3.0.6 allows remote attackers to cause a denial of service (daemon crash) via an RTP comfort noise payload with a long data length.

5.0
2009-11-30 CVE-2009-4114 Kaspersky Improper Input Validation vulnerability in Kaspersky Anti-Virus 9.0.0.463

kl1.sys in Kaspersky Anti-Virus 2010 9.0.0.463, and possibly other versions before 9.0.0.736, does not properly validate input to IOCTL 0x0022c008, which allows local users to cause a denial of service (system crash) via IOCTL requests using crafted kernel addresses that trigger memory corruption, possibly related to klavemu.kdl.

4.9
2009-12-04 CVE-2009-4197 Huawei Cross-Site Scripting and Information Disclosure vulnerability in Huawei Mt882 Modem and Mt882 Modem Firmware

rpwizPppoe.htm in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 contains a form that does not disable the autocomplete setting for the password parameter, which makes it easier for local users or physically proximate attackers to obtain the password from web browsers that support autocomplete.

4.7
2009-12-02 CVE-2009-4150 IBM Permissions, Privileges, and Access Controls vulnerability in IBM DB2 and DB2 Universal Database

dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP1 permits execution by unprivileged user accounts, which has unspecified impact and local attack vectors.

4.6
2009-11-30 CVE-2009-4030 Mysql / Oracle Link Following vulnerability in multiple products

MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value.

4.4
2009-12-04 CVE-2009-4209 Mozilo Cross-Site Scripting vulnerability in Mozilo Mozilocms 1.11.1

Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in moziloCMS 1.11.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat and (2) file parameters in an editsite action, different vectors than CVE-2008-6127 and CVE-2009-1367.

4.3
2009-12-04 CVE-2009-4207 Drupal / Nathan Haug Cross-Site Scripting vulnerability in Nathan Haug Webform

Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.7 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a submission.

4.3
2009-12-04 CVE-2009-4196 Huawei Cross-Site Scripting vulnerability in Huawei Mt882 V100T002B020 Arg-T Firmware3.7.9.98

Multiple cross-site scripting (XSS) vulnerabilities in multiple scripts in Forms/ in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 allow remote attackers to inject arbitrary web script or HTML via the (1) BackButton parameter to error_1; (2) wzConnFlag parameter to fresh_pppoe_1; (3) diag_pppindex_argen and (4) DiagStartFlag parameters to rpDiag_argen_1; (5) wzdmz_active and (6) wzdmzHostIP parameters to rpNATdmz_argen_1; (7) wzVIRTUALSVR_endPort, (8) wzVIRTUALSVR_endPortLocal, (9) wzVIRTUALSVR_IndexFlag, (10) wzVIRTUALSVR_localIP, (11) wzVIRTUALSVR_startPort, and (12) wzVIRTUALSVR_startPortLocal parameters to rpNATvirsvr_argen_1; (13) Connect_DialFlag, (14) Connect_DialHidden, and (15) Connect_Flag parameters to rpStatus_argen_1; (16) Telephone_select, and (17) wzFirstFlag parameters to rpwizard_1; and (18) wzConnectFlag parameter to rpwizPppoe_1.

4.3
2009-12-03 CVE-2009-4187 SUN Cross-Site Scripting vulnerability in SUN Java System Portal Server 6.3.1/7.1/7.2

Multiple cross-site scripting (XSS) vulnerabilities in the Gateway component in Sun Java System Portal Server 6.3.1, 7.1, and 7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-12-02 CVE-2009-4171 Yahoo Buffer Errors vulnerability in Yahoo Messenger 9.0.0.2162

An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger 9.0.0.2162, and possibly other 9.0 versions, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by calling the RegisterMe method with a long argument.

4.3
2009-12-02 CVE-2009-4169 Wordpress / Roytanck Cross-Site Scripting vulnerability in Roytanck Wp-Cumulus

Cross-site scripting (XSS) vulnerability in wp-cumulus.php in the WP-Cumulus Plug-in before 1.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-12-02 CVE-2009-4168 Roytanck / Wordpress Cross-Site Scripting vulnerability in Roytanck Wp-Cumulus

Cross-site scripting (XSS) vulnerability in Roy Tanck tagcloud.swf, as used in the WP-Cumulus plugin before 1.23 for WordPress and the Joomulus module 2.0 and earlier for Joomla!, allows remote attackers to inject arbitrary web script or HTML via the tagcloud parameter in a tags action.

4.3
2009-12-02 CVE-2009-4164 Simple Glossar / Typo3 Cross-Site Scripting vulnerability in Simple Glossar Simple Glossar

Cross-site scripting (XSS) vulnerability in the simple Glossar (simple_glossar) extension 1.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-12-02 CVE-2009-4161 AN Searchit / Typo3 Cross-Site Scripting vulnerability in AN Searchit AN Searchit

Cross-site scripting (XSS) vulnerability in the [AN] Search it! (an_searchit) extension 2.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-12-02 CVE-2009-4157 Joomla / Joomlatune Cross-Site Scripting vulnerability in Joomlatune COM Proofreader 1.0

Multiple cross-site scripting (XSS) vulnerabilities in index.php in the ProofReader (com_proofreader) component 1.0 RC9 and earlier for Joomla! allow remote attackers to inject arbitrary web script or HTML via the URI, which is not properly handled in (1) 404 or (2) error pages.

4.3
2009-12-02 CVE-2009-4152 IBM Cross-Site Scripting vulnerability in IBM Websphere Portal 6.1.0.0/6.1.0.1/6.1.0.2

Cross-site scripting (XSS) vulnerability in the Collaboration component in IBM WebSphere Portal 6.1.x before 6.1.0.3 allows remote attackers to inject arbitrary web script or HTML via the people picker tag.

4.3
2009-12-01 CVE-2009-4119 Alex Barth / Drupal Cross-Site Scripting vulnerability in Alex Barth Feed Element Mapper

Cross-site scripting (XSS) vulnerability in Feed Element Mapper module 5.x before 5.x-1.3, 6.x before 6.x-1.3, and 6.x-2.0-alpha before 6.x-2.0-alpha4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-11-30 CVE-2009-4019 Mysql / Oracle

mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.

4.0

6 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-12-02 CVE-2009-4159 Ivan Kartolo / Typo3 Cross-Site Scripting vulnerability in Ivan Kartolo Direct Mail

Cross-site scripting (XSS) vulnerability in the newsletter configuration feature in the backend module in the Direct Mail (direct_mail) extension 2.6.4 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2009-11-30 CVE-2009-4116 Cutephp Path Traversal vulnerability in Cutephp Cutenews 1.4.6

Multiple directory traversal vulnerabilities in CutePHP CuteNews 1.4.6, when magic_quotes_gpc is disabled, allow remote authenticated users with editor or administrative application access to read arbitrary files via a ..

3.5
2009-12-04 CVE-2009-3304 Gforge Link Following vulnerability in Gforge 4.5.14/4.7/4.8.2

GForge 4.5.14, 4.7 rc2, and 4.8.2 allows local users to overwrite arbitrary files via a symlink attack on authorized_keys files in users' home directories, related to deb-specific/ssh_dump_update.pl and cronjobs/cvs-cron/ssh_create.php.

3.3
2009-12-03 CVE-2009-4193 Merkaartor Link Following vulnerability in Merkaartor 0.14

Merkaartor 0.14 allows local users to append data to arbitrary files via a symlink attack on the /tmp/merkaartor.log temporary file.

3.3
2009-12-02 CVE-2009-4172 Cutephp / Korn19 Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in index.php in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews 8 and 8b, when magic_quotes_gpc is disabled, allows remote attackers to inject arbitrary web script or HTML via the body of a news article in an addnews action.

2.6
2009-12-01 CVE-2009-4118 Cisco Local Denial of Service vulnerability in Cisco VPN Client for Windows 'StartServiceCtrlDispatche'

The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of service (service crash and VPN connection loss) via a manual start of cvpnd.exe while the cvpnd service is running.

2.1