Weekly Vulnerabilities Reports > November 30 to December 6, 2009
Overview
76 new vulnerabilities were reported during this period, including 12 critical vulnerabilities and 21 high severity vulnerabilities. This weekly summary reports vulnerabilities in 80 products from 65 vendors, including Typo3, Cutephp, Korn19, Joomla, and SUN. Notable vulnerability categories are "Cross-site Scripting", "SQL Injection", "Permissions, Privileges, and Access Controls", "Path Traversal", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".
- 65 reported vulnerabilities are remotely exploitable.
- 14 reported vulnerabilities have a public exploit available.
- 33 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 66 reported vulnerabilities are exploitable by an anonymous user.
- Typo3 has the most reported vulnerabilities, with 10 reported vulnerabilities.
- HP has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
12 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-12-03 | CVE-2009-4189 | HP | Credentials Management vulnerability in HP Operations Manager HP Operations Manager has a default password of OvW*busr1 for the ovwebusr account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servlet container. | 10.0 |
2009-12-03 | CVE-2009-4188 | HP | Credentials Management vulnerability in HP Operations Dashboard HP Operations Dashboard has a default password of j2deployer for the j2deployer account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servlet container. | 10.0 |
2009-12-03 | CVE-2009-0895 | Novell | Numeric Errors vulnerability in Novell Edirectory Integer overflow in Novell eDirectory 8.7.3.x before 8.7.3.10 ftf2 and 8.8.x before 8.8.5.2 allows remote attackers to execute arbitrary code via an NDS Verb 0x1 request containing a large integer value that triggers a heap-based buffer overflow. | 10.0 |
2009-12-04 | CVE-2009-4211 | SUN Disa | Permissions, Privileges, and Access Controls vulnerability in Disa SRR for Solaris The U.S. | 9.3 |
2009-12-04 | CVE-2009-4201 | Assistanttools | Buffer Errors vulnerability in Assistanttools MP3 TAG Assistance Professional 2.92 Multiple stack-based buffer overflows in Mp3 Tag Assistant Professional 2.92 build 300 allow remote attackers to execute arbitrary code via an MP3 file with a long string in the (1) ID3v1, (2) ID3v2, or (3) APEv2 metadata field. | 9.3 |
2009-12-04 | CVE-2009-4148 | Daz3D | Code Injection vulnerability in Daz3D DAZ Studio 2.3.3.161/2.3.3.163/3.0.1.135 DAZ Studio 2.3.3.161, 2.3.3.163, and 3.0.1.135 allows remote attackers to execute arbitrary JavaScript code via a (1) .ds, (2) .dsa, (3) .dse, or (4) .dsb file, as demonstrated by code that loads the WScript.Shell ActiveX control, related to a "script injection vulnerability." | 9.3 |
2009-12-04 | CVE-2009-4195 | Adobe | Buffer Errors vulnerability in Adobe Illustrator 13.0.0/14.0.0 Buffer overflow in Adobe Illustrator CS4 14.0.0, CS3 13.0.3 and earlier, and CS3 13.0.0 allows remote attackers to execute arbitrary code via a long DSC comment in an Encapsulated PostScript (.eps) file. | 9.3 |
2009-12-03 | CVE-2009-1566 | Roxio | Numeric Errors vulnerability in Roxio Creator and Easy Media Creator Integer overflow in Roxio Easy Media Creator 9.0.136, and Roxio Creator 2010 before SP1, might allow remote attackers to execute arbitrary code via an image with crafted dimensions. | 9.3 |
2009-12-03 | CVE-2009-4186 | Apple Microsoft | Buffer Errors vulnerability in Apple Safari 4.0.3 Stack consumption vulnerability in Apple Safari 4.0.3 on Windows allows remote attackers to cause a denial of service (application crash) via a long URI value (aka url) in the Cascading Style Sheets (CSS) background property. | 9.3 |
2009-12-03 | CVE-2009-1567 | Larts | Buffer Errors vulnerability in Larts Uploader Activex Control 2.2.0.6 Multiple stack-based buffer overflows in the Lateral Arts Photobox uploader ActiveX control 1.x before 1.3, and 2.2.0.6, allow remote attackers to execute arbitrary code via a long URL string for the (1) LogURL, (2) ConnectURL, (3) SkinURL, (4) AlbumCreateURL, (5) ErrorURL, or (6) httpsinglehost property value. | 9.3 |
2009-12-02 | CVE-2009-4127 | Mozilla Wikipedia | Code Injection vulnerability in Wikipedia Toolbar Unspecified vulnerability in Wikipedia Toolbar extension before 0.5.9.2 for Firefox allows user-assisted remote attackers to execute arbitrary JavaScript with Chrome privileges via vectors involving unspecified Toolbar buttons and the eval function. | 9.3 |
2009-11-30 | CVE-2009-4112 | Cacti | Permissions, Privileges, and Access Controls vulnerability in Cacti Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands. | 9.0 |
21 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-12-03 | CVE-2009-4194 | Kmint21 | Path Traversal vulnerability in Kmint21 Golden FTP Server 4.30/4.50 Directory traversal vulnerability in Golden FTP Server 4.30 Free and Professional, 4.50, and possibly other versions allows remote authenticated users to delete arbitrary files via a .. | 8.1 |
2009-12-03 | CVE-2009-4190 | SUN | Denial-Of-Service vulnerability in SUN Opensolaris 2009.06 Unspecified vulnerability in the kernel in Sun OpenSolaris 2009.06 allows remote attackers to cause a denial of service (panic) via unknown vectors, as demonstrated by the vd_solaris2 module in VulnDisco Pack Professional 8.12. | 7.8 |
2009-12-04 | CVE-2009-4208 | Open School | SQL Injection vulnerability in Open-School 1.0 SQL injection vulnerability in the os_news module in Open-school (OS) 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action to index.php. | 7.5 |
2009-12-04 | CVE-2009-4206 | Cmsnx | SQL Injection vulnerability in Cmsnx Million Dollar Text Links SQL injection vulnerability in admin.link.modify.php in Million Dollar Text Links 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2009-12-04 | CVE-2009-4205 | Ringsworld | Path Traversal vulnerability in Ringsworld Flashlight Free Edition Directory traversal vulnerability in admin.php in Flashlight Free Edition allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2009-12-04 | CVE-2009-4204 | Ringsworld | SQL Injection vulnerability in Ringsworld Flashlight Free Edition SQL injection vulnerability in read.php in Flashlight Free Edition allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2009-12-04 | CVE-2009-4203 | Arabportal | SQL Injection vulnerability in Arabportal Arab Portal 2.2 Multiple SQL injection vulnerabilities in admin/aclass/admin_func.php in Arab Portal 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) X-Forwarded-For or (2) Client-IP HTTP header in a request to the default URI under admin/. | 7.5 |
2009-12-04 | CVE-2009-4202 | Joomla Omilenitsolutions | Path Traversal vulnerability in Omilenitsolutions COM Omphotogallery 0.5 Directory traversal vulnerability in the Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php. | 7.5 |
2009-12-04 | CVE-2009-4200 | Vollmar Joomla | SQL Injection vulnerability in Vollmar COM Seminar 1.28 SQL injection vulnerability in the Seminar (com_seminar) component 1.28 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a View_seminar action to index.php. | 7.5 |
2009-12-02 | CVE-2009-4166 | Michal Hadr Typo3 | SQL Injection vulnerability in Michal Hadr Mchtrips 2.0.0 SQL injection vulnerability in the Trips (mchtrips) extension 2.0.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2009-12-02 | CVE-2009-4165 | Simple Glossar Typo3 | SQL Injection vulnerability in Simple Glossar Simple Glossar 1.0.3 SQL injection vulnerability in the simple Glossar (simple_glossar) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2009-12-02 | CVE-2009-4163 | TW Productfinder Typo3 | SQL Injection vulnerability in TW Productfinder TW Productfinder SQL injection vulnerability in the TW Productfinder (tw_productfinder) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2009-12-02 | CVE-2009-4158 | Typo3 Mario Matzulla | SQL Injection vulnerability in Mario Matzulla CAL SQL injection vulnerability in the Calendar Base (cal) extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2009-12-02 | CVE-2009-4156 | Ciamos | Code Injection vulnerability in Ciamos CMS 0.9/0.9.2 PHP remote file inclusion vulnerability in modules/pms/index.php in Ciamos CMS 0.9.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_path parameter. | 7.5 |
2009-12-02 | CVE-2009-4155 | Eshopbuilder | SQL Injection vulnerability in Eshopbuilder Eshopbuilde CMS Multiple SQL injection vulnerabilities in Eshopbuilde CMS allow remote attackers to execute arbitrary SQL commands via the sitebid parameter to (1) home-f.asp and (2) opinions-f.asp; (3) sitebid, (4) id, (5) secText, (6) client-ip, and (7) G_id parameters to more-f.asp; (8) sitebid, (9) id, (10) ma_id, (11) mi_id, (12) secText, (13) client-ip, and (14) G_id parameters to selectintro.asp; (15) sitebid, (16) secText, (17) adv_code, and (18) client-ip parameters to advcount.asp; (19) sitebid, (20) secText, (21) Grp_Code, (22) _method, and (23) client-ip parameters to advview.asp; and (24) sitebid, (25) secText, (26) newsId, and (27) client-ip parameters to dis_new-f.asp. | 7.5 |
2009-12-02 | CVE-2009-4153 | IBM | Cross-Site Scripting vulnerability in IBM Websphere Portal 6.1.0.0/6.1.0.1/6.1.0.2 Unspecified vulnerability in the XMLAccess component in IBM WebSphere Portal 6.1.x before 6.1.0.3 has unknown impact and attack vectors, related to the work directory. | 7.5 |
2009-12-03 | CVE-2009-4191 | SUN | Local Security vulnerability in Solaris Unspecified vulnerability in the kernel in Sun Solaris 10 and OpenSolaris 2009.06 on the x86-64 platform allows local users to gain privileges via unknown vectors, as demonstrated by the vd_sol_local module in VulnDisco Pack Professional 8.12. | 7.2 |
2009-12-02 | CVE-2009-4147 | Freebsd | Permissions, Privileges, and Access Controls vulnerability in Freebsd 7.1/8.0 The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1 and 8.0 does not clear the (1) LD_LIBMAP, (2) LD_LIBRARY_PATH, (3) LD_LIBMAP_DISABLE, (4) LD_DEBUG, and (5) LD_ELF_HINTS_PATH environment variables, which allows local users to gain privileges by executing a setuid or setguid program with a modified variable containing an untrusted search path that points to a Trojan horse library, different vectors than CVE-2009-4146. | 7.2 |
2009-12-02 | CVE-2009-4146 | Freebsd | Permissions, Privileges, and Access Controls vulnerability in Freebsd 7.1/7.2/8.0 The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1, 7.2, and 8.0 does not clear the LD_PRELOAD environment variable, which allows local users to gain privileges by executing a setuid or setguid program with a modified LD_PRELOAD variable containing an untrusted search path that points to a Trojan horse library, a different vector than CVE-2009-4147. | 7.2 |
2009-12-02 | CVE-2009-4162 | Mauro Lorenzutti Typo3 | Local Security vulnerability in Mauro Lorenzutti Wfqbe 1.3.1 Unspecified vulnerability in the DB Integration (wfqbe) extension 1.3.1 and earlier for TYPO3 allows local users to execute arbitrary commands via unspecified vectors. | 7.2 |
2009-12-02 | CVE-2009-2686 | HP | Unspecified vulnerability in HP Nonstop Server Unspecified vulnerability in HP NonStop G06.12.00 through G06.32.00, H06.08.00 through H06.18.01, and J06.04.00 through J06.07.01 allows local users to gain privileges, cause a denial of service, or obtain "access to data" via unknown vectors. | 7.2 |
37 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-12-04 | CVE-2009-4199 | Mamboforge Joomla Mambo Foundation | SQL Injection vulnerability in Mamboforge COM Mosres 1.0F Multiple SQL injection vulnerabilities in the Mambo Resident (aka Mos Res or com_mosres) component 1.0f for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) property_uid parameter in a viewproperty action to index.php and the (2) regID parameter in a showregion action to index.php. | 6.8 |
2009-12-04 | CVE-2009-2631 | Aladdin Cisco Sonicwall Stonesoft | Permissions, Privileges, and Access Controls vulnerability in multiple products Multiple clientless SSL VPN products that run in web browsers, including Stonesoft StoneGate; Cisco ASA; SonicWALL E-Class SSL VPN and SonicWALL SSL VPN; SafeNet SecureWire Access Gateway; Juniper Networks Secure Access; Nortel CallPilot; Citrix Access Gateway; and other products, when running in configurations that do not restrict access to the same domain as the VPN, retrieve the content of remote URLs from one domain and rewrite them so they originate from the VPN's domain, which violates the same origin policy and allows remote attackers to conduct cross-site scripting attacks, read cookies that originated from other domains, access the Web VPN session to gain access to internal resources, perform key logging, and conduct other attacks. | 6.8 |
2009-12-02 | CVE-2009-4173 | Cutephp Korn19 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Cross-site request forgery (CSRF) vulnerability in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to hijack the authentication of administrators for requests that create new users, including a new administrator, via an adduser action in the editusers module in index.php. | 6.8 |
2009-12-01 | CVE-2009-4121 | Opensolution | Cross-Site Request Forgery (CSRF) vulnerability in Opensolution Quick.Cms and Quick.Cms.Lite Multiple cross-site request forgery (CSRF) vulnerabilities in Quick.CMS 2.4 and Quick.CMS.Lite 2.4 allow remote attackers to hijack the authentication of the administrator for requests that (1) delete web pages via a p-delete action to admin.php, and possibly (2) delete products or (3) delete orders via unspecified vectors. | 6.8 |
2009-12-01 | CVE-2009-4120 | Opensolution | Cross-Site Request Forgery (CSRF) vulnerability in Opensolution Quick.Cart 3.4 Multiple cross-site request forgery (CSRF) vulnerabilities in Quick.Cart 3.4 allow remote attackers to hijack the authentication of the administrator for requests that (1) delete orders via an orders-delete action to admin.php, and possibly (2) delete products or (3) delete pages via unspecified vectors. | 6.8 |
2009-11-30 | CVE-2009-4028 | Mysql Oracle | Improper Input Validation vulnerability in multiple products The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library. | 6.8 |
2009-12-04 | CVE-2009-4198 | Cupidsystems | SQL Injection vulnerability in Cupidsystems Myminibill SQL injection vulnerability in my_orders.php in MyMiniBill allows remote authenticated users to execute arbitrary SQL commands via the orderid parameter in a status action. | 6.5 |
2009-11-30 | CVE-2009-4115 | Cutephp | Code Injection vulnerability in Cutephp Cutenews 1.4.6 Multiple static code injection vulnerabilities in the Categories module in CutePHP CuteNews 1.4.6 allow remote authenticated users with application administrative privileges to inject arbitrary PHP code into data/category.db.php via the (1) category and (2) Icon URL fields; or (3) inject arbitrary PHP code into data/ipban.php via the add_ip parameter. | 6.5 |
2009-11-30 | CVE-2009-4113 | Cutephp Korn19 | Code Injection vulnerability in multiple products Static code injection vulnerability in the Categories module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote authenticated users with application administrative privileges to inject arbitrary PHP code into data/category.db.php via the Category Access field. | 6.5 |
2009-12-02 | CVE-2009-4167 | Lukas Taferner Typo3 | Unspecified vulnerability in Lukas Taferner IT Basetag 1.0.0 Unspecified vulnerability in the Automatic Base Tags for RealUrl (lt_basetag) extension 1.0.0 for TYPO3 allows remote attackers to conduct "Cache spoofing" attacks via unspecified vectors. | 6.4 |
2009-12-01 | CVE-2009-2626 | PHP | Information Disclosure vulnerability in PHP 'ini_restore()' Memory The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable. | 6.4 |
2009-12-02 | CVE-2009-4174 | Cutephp Korn19 | Permissions, Privileges, and Access Controls vulnerability in multiple products The editnews module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b, when magic_quotes_gpc is disabled, allows remote authenticated users with Journalist or Editor access to bypass administrative moderation and edit previously submitted articles via a modified id parameter in a doeditnews action. | 6.0 |
2009-11-30 | CVE-2008-7247 | Mysql Oracle | Link Following vulnerability in multiple products sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink. | 6.0 |
2009-12-02 | CVE-2009-4151 | Bestpractical | Improper Authentication vulnerability in Bestpractical RT Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages "HTTP access to the RT server," a related issue to CVE-2009-3585. | 5.8 |
2009-12-02 | CVE-2009-3585 | Bestpractical | Improper Authentication vulnerability in Bestpractical RT Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages a second web server within the same domain. | 5.8 |
2009-12-03 | CVE-2009-4192 | Interspire | Path Traversal vulnerability in Interspire Knowledge Manager 5 Directory traversal vulnerability in dialog/file_manager.php in Interspire Knowledge Manager 5 allows remote attackers to read arbitrary files via a .. | 5.0 |
2009-12-02 | CVE-2009-4175 | Cutephp Korn19 | Information Exposure vulnerability in multiple products CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to obtain sensitive information via an invalid date value in the from_date_day parameter to search.php, which reveals the installation path in an error message. | 5.0 |
2009-12-02 | CVE-2009-4170 | Wordpress Roytanck | Information Exposure vulnerability in Roytanck Wp-Cumulus 1.20 WP-Cumulus Plug-in 1.20 for WordPress, and possibly other versions, allows remote attackers to obtain sensitive information via a crafted request to wp-cumulus.php, probably without parameters, which reveals the installation path in an error message. | 5.0 |
2009-12-02 | CVE-2009-4160 | Kurt Kunig Typo3 | Information Disclosure vulnerability in TYPO3 Simple download-system (kk_downloader) Unspecified vulnerability in the Simple download-system with counter and categories (kk_downloader) extension 1.2.1 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors. | 5.0 |
2009-12-02 | CVE-2009-4154 | Elxis | Path Traversal vulnerability in Elxis CMS Directory traversal vulnerability in includes/feedcreator.class.php in Elxis CMS allows remote attackers to read arbitrary files via a .. | 5.0 |
2009-12-02 | CVE-2009-4055 | Digium | Remote Denial of Service vulnerability in Digium Asterisk and S800I rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before 1.4.27.1, 1.6.0.x before 1.6.0.19, and 1.6.1.x before 1.6.1.11; Business Edition B.x.x before B.2.5.13, C.2.x.x before C.2.4.6, and C.3.x.x before C.3.2.3; and s800i 1.3.x before 1.3.0.6 allows remote attackers to cause a denial of service (daemon crash) via an RTP comfort noise payload with a long data length. | 5.0 |
2009-11-30 | CVE-2009-4114 | Kaspersky | Improper Input Validation vulnerability in Kaspersky Anti-Virus 9.0.0.463 kl1.sys in Kaspersky Anti-Virus 2010 9.0.0.463, and possibly other versions before 9.0.0.736, does not properly validate input to IOCTL 0x0022c008, which allows local users to cause a denial of service (system crash) via IOCTL requests using crafted kernel addresses that trigger memory corruption, possibly related to klavemu.kdl. | 4.9 |
2009-12-04 | CVE-2009-4197 | Huawei | Cross-Site Scripting and Information Disclosure vulnerability in Huawei Mt882 Modem and Mt882 Modem Firmware rpwizPppoe.htm in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 contains a form that does not disable the autocomplete setting for the password parameter, which makes it easier for local users or physically proximate attackers to obtain the password from web browsers that support autocomplete. | 4.7 |
2009-12-02 | CVE-2009-4150 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 and DB2 Universal Database dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP1 permits execution by unprivileged user accounts, which has unspecified impact and local attack vectors. | 4.6 |
2009-12-04 | CVE-2009-4209 | Mozilo | Cross-Site Scripting vulnerability in Mozilo Mozilocms 1.11.1 Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in moziloCMS 1.11.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat and (2) file parameters in an editsite action, different vectors than CVE-2008-6127 and CVE-2009-1367. | 4.3 |
2009-12-04 | CVE-2009-4207 | Drupal Nathan Haug | Cross-Site Scripting vulnerability in Nathan Haug Webform Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.7 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a submission. | 4.3 |
2009-12-04 | CVE-2009-4196 | Huawei | Cross-Site Scripting vulnerability in Huawei Mt882 V100T002B020 Arg-T Firmware3.7.9.98 Multiple cross-site scripting (XSS) vulnerabilities in multiple scripts in Forms/ in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 allow remote attackers to inject arbitrary web script or HTML via the (1) BackButton parameter to error_1; (2) wzConnFlag parameter to fresh_pppoe_1; (3) diag_pppindex_argen and (4) DiagStartFlag parameters to rpDiag_argen_1; (5) wzdmz_active and (6) wzdmzHostIP parameters to rpNATdmz_argen_1; (7) wzVIRTUALSVR_endPort, (8) wzVIRTUALSVR_endPortLocal, (9) wzVIRTUALSVR_IndexFlag, (10) wzVIRTUALSVR_localIP, (11) wzVIRTUALSVR_startPort, and (12) wzVIRTUALSVR_startPortLocal parameters to rpNATvirsvr_argen_1; (13) Connect_DialFlag, (14) Connect_DialHidden, and (15) Connect_Flag parameters to rpStatus_argen_1; (16) Telephone_select, and (17) wzFirstFlag parameters to rpwizard_1; and (18) wzConnectFlag parameter to rpwizPppoe_1. | 4.3 |
2009-12-03 | CVE-2009-4187 | SUN | Cross-Site Scripting vulnerability in SUN Java System Portal Server 6.3.1/7.1/7.2 Multiple cross-site scripting (XSS) vulnerabilities in the Gateway component in Sun Java System Portal Server 6.3.1, 7.1, and 7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-12-02 | CVE-2009-4171 | Yahoo | Buffer Errors vulnerability in Yahoo Messenger 9.0.0.2162 An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger 9.0.0.2162, and possibly other 9.0 versions, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by calling the RegisterMe method with a long argument. | 4.3 |
2009-12-02 | CVE-2009-4169 | Wordpress Roytanck | Cross-Site Scripting vulnerability in Roytanck Wp-Cumulus Cross-site scripting (XSS) vulnerability in wp-cumulus.php in the WP-Cumulus Plug-in before 1.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-12-02 | CVE-2009-4168 | Roytanck Wordpress | Cross-Site Scripting vulnerability in Roytanck Wp-Cumulus Cross-site scripting (XSS) vulnerability in Roy Tanck tagcloud.swf, as used in the WP-Cumulus plugin before 1.23 for WordPress and the Joomulus module 2.0 and earlier for Joomla!, allows remote attackers to inject arbitrary web script or HTML via the tagcloud parameter in a tags action. | 4.3 |
2009-12-02 | CVE-2009-4164 | Simple Glossar Typo3 | Cross-Site Scripting vulnerability in Simple Glossar Simple Glossar Cross-site scripting (XSS) vulnerability in the simple Glossar (simple_glossar) extension 1.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-12-02 | CVE-2009-4161 | AN Searchit Typo3 | Cross-Site Scripting vulnerability in AN Searchit AN Searchit Cross-site scripting (XSS) vulnerability in the [AN] Search it! (an_searchit) extension 2.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-12-02 | CVE-2009-4157 | Joomla Joomlatune | Cross-Site Scripting vulnerability in Joomlatune COM Proofreader 1.0 Multiple cross-site scripting (XSS) vulnerabilities in index.php in the ProofReader (com_proofreader) component 1.0 RC9 and earlier for Joomla! allow remote attackers to inject arbitrary web script or HTML via the URI, which is not properly handled in (1) 404 or (2) error pages. | 4.3 |
2009-12-02 | CVE-2009-4152 | IBM | Cross-Site Scripting vulnerability in IBM Websphere Portal 6.1.0.0/6.1.0.1/6.1.0.2 Cross-site scripting (XSS) vulnerability in the Collaboration component in IBM WebSphere Portal 6.1.x before 6.1.0.3 allows remote attackers to inject arbitrary web script or HTML via the people picker tag. | 4.3 |
2009-12-01 | CVE-2009-4119 | Alex Barth Drupal | Cross-Site Scripting vulnerability in Alex Barth Feed Element Mapper Cross-site scripting (XSS) vulnerability in Feed Element Mapper module 5.x before 5.x-1.3, 6.x before 6.x-1.3, and 6.x-2.0-alpha before 6.x-2.0-alpha4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-11-30 | CVE-2009-4019 | Mysql Oracle | mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement. | 4.0 |
6 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-12-02 | CVE-2009-4159 | Ivan Kartolo Typo3 | Cross-Site Scripting vulnerability in Ivan Kartolo Direct Mail Cross-site scripting (XSS) vulnerability in the newsletter configuration feature in the backend module in the Direct Mail (direct_mail) extension 2.6.4 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2009-11-30 | CVE-2009-4116 | Cutephp | Path Traversal vulnerability in Cutephp Cutenews 1.4.6 Multiple directory traversal vulnerabilities in CutePHP CuteNews 1.4.6, when magic_quotes_gpc is disabled, allow remote authenticated users with editor or administrative application access to read arbitrary files via a .. | 3.5 |
2009-12-04 | CVE-2009-3304 | Gforge | Link Following vulnerability in Gforge 4.5.14/4.7/4.8.2 GForge 4.5.14, 4.7 rc2, and 4.8.2 allows local users to overwrite arbitrary files via a symlink attack on authorized_keys files in users' home directories, related to deb-specific/ssh_dump_update.pl and cronjobs/cvs-cron/ssh_create.php. | 3.3 |
2009-12-03 | CVE-2009-4193 | Merkaartor | Link Following vulnerability in Merkaartor 0.14 Merkaartor 0.14 allows local users to append data to arbitrary files via a symlink attack on the /tmp/merkaartor.log temporary file. | 3.3 |
2009-12-02 | CVE-2009-4172 | Cutephp Korn19 | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in index.php in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews 8 and 8b, when magic_quotes_gpc is disabled, allows remote attackers to inject arbitrary web script or HTML via the body of a news article in an addnews action. | 2.6 |
2009-12-01 | CVE-2009-4118 | Cisco | Local Denial of Service vulnerability in Cisco VPN Client for Windows 'StartServiceCtrlDispatche' The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of service (service crash and VPN connection loss) via a manual start of cvpnd.exe while the cvpnd service is running. | 2.1 |