Weekly Vulnerabilities Reports > December 7 to 13, 2009

Overview

98 new vulnerabilities were reported during this period, including 46 critical vulnerabilities and 23 high severity vulnerabilities. This weekly summary reports vulnerabilities in 108 products from 53 vendors including Microsoft, HP, Adobe, Linux, and Joomla. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Code Injection", "Resource Management Errors", and "SQL Injection".

  • 91 reported vulnerabilities are remotely exploitable.
  • 10 reported vulnerabilities have a public exploit available.
  • 26 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 94 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 18 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 14 reported vulnerabilities.


Vulnerability Details

The following table lists the vulnerabilities reported during the period covered by this report:


46 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-12-11 CVE-2009-4294 SUN Remote Code Execution vulnerability in Sun Ray Server Authentication Manager

Unspecified vulnerability in the Authentication Manager (aka utauthd) in Sun Ray Server Software 4.0 and 4.1 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors.

10.0
2009-12-11 CVE-2009-4124 Ruby Lang Buffer Errors vulnerability in Ruby-Lang Ruby 1.9.1

Heap-based buffer overflow in the rb_str_justify function in string.c in Ruby 1.9.1 before 1.9.1-p376 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving (1) String#ljust, (2) String#center, or (3) String#rjust.

10.0
2009-12-11 CVE-2009-3027 Symantec Improper Authentication vulnerability in Symantec products

VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.5; Veritas NetBackup Operations Manager (NOM) 6.0 GA through 6.5.5; Veritas Backup Reporter (VBR) 6.0 GA through 6.6; Veritas Storage Foundation (SF) 3.5; Veritas Storage Foundation for Windows High Availability (SFWHA) 4.3MP2, 5.0, 5.0RP1a, 5.0RP2, 5.1, and 5.1AP1; Veritas Storage Foundation for High Availability (SFHA) 3.5; Veritas Storage Foundation for Oracle (SFO) 4.1, 5.0, and 5.0.1; Veritas Storage Foundation for DB2 4.1 and 5.0; Veritas Storage Foundation for Sybase 4.1 and 5.0; Veritas Storage Foundation for Oracle Real Application Cluster (SFRAC) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Manager (SFM) 1.0, 1.0 MP1, 1.1, 1.1.1Ux, 1.1.1Win, and 2.0; Veritas Cluster Server (VCS) 3.5, 4.0, 4.1, and 5.0; Veritas Cluster Server One (VCSOne) 2.0, 2.0.1, and 2.0.2; Veritas Application Director (VAD) 1.1 and 1.1 Platform Expansion; Veritas Cluster Server Management Console (VCSMC) 5.1, 5.5, and 5.5.1; Veritas Storage Foundation Cluster File System (SFCFS) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Cluster File System for Oracle RAC (SFCFS RAC) 5.0; Veritas Command Central Storage (CCS) 4.x, 5.0, and 5.1; Veritas Command Central Enterprise Reporter (CC-ER) 5.0 GA, 5.0 MP1, 5.0 MP1RP1, and 5.1; Veritas Command Central Storage Change Manager (CC-SCM) 5.0 and 5.1; and Veritas MicroMeasure 5.0 does not properly validate authentication requests, which allows remote attackers to trigger the unpacking of a WAR archive, and execute arbitrary code in the contained files, via crafted data to TCP port 14300.

10.0
2009-12-10 CVE-2009-0898 HP Buffer Errors vulnerability in HP Openview Network Node Manager 7.0.1/7.51/7.53

Stack-based buffer overflow in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a crafted HTTP request.

10.0
2009-12-10 CVE-2009-4181 HP Buffer Errors vulnerability in HP Openview Network Node Manager 7.0.1/7.51/7.53

Stack-based buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via vectors involving the sel and arg parameters to jovgraph.exe.

10.0
2009-12-10 CVE-2009-4180 HP Buffer Errors vulnerability in HP Openview Network Node Manager 7.0.1/7.51/7.53

Stack-based buffer overflow in snmpviewer.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Host header.

10.0
2009-12-10 CVE-2009-4179 HP Buffer Errors vulnerability in HP Openview Network Node Manager 7.0.1/7.51/7.53

Stack-based buffer overflow in ovalarm.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Accept-Language header in an OVABverbose action.

10.0
2009-12-10 CVE-2009-4178 HP Buffer Errors vulnerability in HP Openview Network Node Manager 7.0.1/7.51/7.53

Heap-based buffer overflow in OvWebHelp.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long Topic parameter.

10.0
2009-12-10 CVE-2009-4177 HP Buffer Errors vulnerability in HP Openview Network Node Manager 7.0.1/7.51/7.53

Buffer overflow in webappmon.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Host header.

10.0
2009-12-10 CVE-2009-4176 HP Buffer Errors vulnerability in HP Openview Network Node Manager 7.0.1/7.51/7.53

Multiple heap-based buffer overflows in ovsessionmgr.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via a long (1) userid or (2) passwd parameter to ovlogin.exe.

10.0
2009-12-10 CVE-2009-3849 HP Buffer Errors vulnerability in HP Openview Network Node Manager 7.0.1/7.51/7.53

Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) a long Template parameter to nnmRptConfig.exe, related to the strcat function; or (2) a long Oid parameter to snmp.exe.

10.0
2009-12-10 CVE-2009-3848 HP Buffer Errors vulnerability in HP Openview Network Node Manager 7.0.1/7.51/7.53

Stack-based buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long Template parameter, related to the vsprintf function.

10.0
2009-12-10 CVE-2009-3847 HP Remote Code Execution vulnerability in HP Openview Network Node Manager 7.0.1/7.51/7.53

Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via unknown vectors.

10.0
2009-12-10 CVE-2009-3846 HP Buffer Errors vulnerability in HP Openview Network Node Manager 7.0.1/7.51/7.53

Multiple heap-based buffer overflows in ovlogin.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via a long (1) userid or (2) passwd parameter.

10.0
2009-12-10 CVE-2009-3845 HP Remote Code Execution vulnerability in HP Openview Network Node Manager 7.0.1/7.51/7.53

The port-3443 HTTP server in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostname parameter to unspecified Perl scripts.

10.0
2009-12-09 CVE-2009-4240 IBM Buffer Errors vulnerability in IBM Infosphere Information Server 8.1

Multiple buffer overflows in unspecified setuid executables in the DataStage subsystem in IBM InfoSphere Information Server 8.1 before FP1 have unknown impact and attack vectors.

10.0
2009-12-09 CVE-2009-3677 Microsoft Code Injection vulnerability in Microsoft products

The Internet Authentication Service (IAS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly verify the credentials in an MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication request, which allows remote attackers to access network resources via a malformed request, aka "MS-CHAP Authentication Bypass Vulnerability."

10.0
2009-12-09 CVE-2009-2505 Microsoft Improper Authentication vulnerability in Microsoft Windows Server 2008 and Windows Vista

The Internet Authentication Service (IAS) in Microsoft Windows Vista SP2 and Server 2008 SP2 does not properly validate MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication requests, which allows remote attackers to execute arbitrary code via crafted structures in a malformed request, aka "Internet Authentication Service Memory Corruption Vulnerability."

10.0
2009-12-08 CVE-2009-3844 HP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openview Data Protector Application Recovery Manager 5.50/6.0

Stack-based buffer overflow in the OmniInet process in HP OpenView Data Protector Application Recovery Manager 5.50 and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted MSG_PROTOCOL packet.

10.0
2009-12-13 CVE-2009-4313 Microsoft Buffer Errors vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP

ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (heap corruption) or execute arbitrary code via malformed data in a stream in a media file, as demonstrated by an AVI file.

9.3
2009-12-13 CVE-2009-4312 Microsoft Code Injection vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP

Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Dave Lenoe of Adobe.

9.3
2009-12-13 CVE-2009-4311 Microsoft Code Injection vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP

Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Paul Byrne of NGS Software.

9.3
2009-12-13 CVE-2009-4310 Microsoft, Windows Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to many loop iterations, as demonstrated by data in an AVI file.

9.3
2009-12-13 CVE-2009-4309 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI file.

9.3
2009-12-13 CVE-2009-4210 Microsoft Code Injection vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP

The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted media content.

9.3
2009-12-10 CVE-2009-4292 IIJ Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IIJ products

Buffer overflow in the URL filtering function in Internet Initiative Japan SEIL/X1, SEIL/X2, and SEIL/B1 firmware 2.40 through 2.51 allows remote attackers to execute arbitrary code via unspecified vectors.

9.3
2009-12-10 CVE-2009-3800 Adobe Remote vulnerability in Adobe AIR and Flash Player

Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.

9.3
2009-12-10 CVE-2009-3799 Adobe Numeric Errors vulnerability in Adobe AIR and Flash Player

Integer overflow in the Verifier::parseExceptionHandlers function in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via an SWF file with a large exception_count value that triggers memory corruption, related to "generation of ActionScript exception handlers."

9.3
2009-12-10 CVE-2009-3798 Adobe Resource Management Errors vulnerability in Adobe AIR and Flash Player

Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.

9.3
2009-12-10 CVE-2009-3797 Adobe Resource Management Errors vulnerability in Adobe AIR and Flash Player

Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.

9.3
2009-12-10 CVE-2009-3796 Adobe Code Injection vulnerability in Adobe AIR and Flash Player

Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a "data injection vulnerability."

9.3
2009-12-10 CVE-2009-3794 Adobe Buffer Errors vulnerability in Adobe AIR and Flash Player

Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.

9.3
2009-12-10 CVE-2009-4265 Pointdev Buffer Errors vulnerability in Pointdev Ideal Administration 2009 9.7.1

Stack-based buffer overflow in Ideal Administration 2009 9.7.1, and possibly other versions, allows remote attackers to execute arbitrary code via a long Computer value in an .ipj project file.

9.3
2009-12-10 CVE-2009-4251 Corel Buffer Errors vulnerability in Corel Paint Shop PRO 8.10

Stack-based buffer overflow in Jasc Paint Shop Pro 8.10 (aka Corel Paint Shop Pro) allows user-assisted remote attackers to execute arbitrary code via a crafted PNG file.

9.3
2009-12-09 CVE-2009-3674 Microsoft Resource Management Errors vulnerability in Microsoft products

Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671.

9.3
2009-12-09 CVE-2009-3673 Microsoft Code Injection vulnerability in Microsoft products

Microsoft Internet Explorer 7 and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."

9.3
2009-12-09 CVE-2009-3671 Microsoft Resource Management Errors vulnerability in Microsoft products

Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3674.

9.3
2009-12-09 CVE-2009-2506 Microsoft Numeric Errors vulnerability in Microsoft products

Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3; Works 8.5; Office Converter Pack; and WordPad in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a DOC file with an invalid number of property names in the DocumentSummaryInformation stream, which triggers a heap-based buffer overflow.

9.3
2009-12-09 CVE-2009-0102 Microsoft Resource Management Errors vulnerability in Microsoft products

Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability."

9.3
2009-12-08 CVE-2009-1569 Novell Buffer Errors vulnerability in Novell Iprint 4.38/5.30

Multiple stack-based buffer overflows in Novell iPrint Client 4.38, 5.30, and possibly other versions before 5.32 allow remote attackers to execute arbitrary code via vectors related to (1) Date and (2) Time.

9.3
2009-12-08 CVE-2009-1568 Novell Buffer Errors vulnerability in Novell Iprint Client 5.30/5.31

Stack-based buffer overflow in ienipp.ocx in Novell iPrint Client 5.30, and possibly other versions before 5.32, allows remote attackers to execute arbitrary code via a long target-frame parameter.

9.3
2009-12-08 CVE-2009-4225 CA Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in CA Etrust Pestpatrole Ppctl.Dll Activex 5.6.7.9

Stack-based buffer overflow in the PestPatrol ActiveX control (ppctl.dll) 5.6.7.9 in CA eTrust PestPatrol allows remote attackers to execute arbitrary code via a long argument to the Initialize method.

9.3
2009-12-08 CVE-2009-3994 Denton Woods Buffer Errors vulnerability in Denton Woods Devil 1.7.8

Stack-based buffer overflow in the GetUID function in src-IL/src/il_dicom.c in DevIL 1.7.8 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted DICOM file.

9.3
2009-12-07 CVE-2009-4219 Haihaisoft Buffer Errors vulnerability in Haihaisoft Universal Player 1.4.8.0

Stack-based buffer overflow in the MYACTIVEX.MyActiveXCtrl.1 ActiveX control in MyActiveX.ocx 1.4.8.0 in Haihaisoft Universal Player allows remote attackers to execute arbitrary code via a long URL property value.

9.3
2009-12-07 CVE-2009-4216 Klinza Path Traversal vulnerability in Klinza Professional CMS

Directory traversal vulnerability in funzioni/lib/menulast.php in klinza professional cms 5.0.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..

9.3
2009-12-09 CVE-2009-2509 Microsoft Improper Input Validation vulnerability in Microsoft Windows Server 2003 and Windows Server 2008

Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly validate headers in HTTP requests, which allows remote authenticated users to execute arbitrary code via a crafted request to an IIS web server, aka "Remote Code Execution in ADFS Vulnerability."

9.0

23 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-12-11 CVE-2009-4295 SUN Cryptographic Issues vulnerability in SUN RAY Server Software 4.0/4.1

Sun Ray Server Software 4.0 and 4.1 does not generate a unique DSA private key for the firmware on each Sun Ray 1, 1g, 100, and 150 DTU device, which makes it easier for remote attackers to obtain sensitive information by predicting a key and then using it to decrypt sniffed network traffic.

7.8
2009-12-08 CVE-2009-1298 Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel

The ip_frag_reasm function in net/ipv4/ip_fragment.c in the Linux kernel 2.6.32-rc8, and 2.6.29 and later versions before 2.6.32, calls IP_INC_STATS_BH with an incorrect argument, which allows remote attackers to cause a denial of service (NULL pointer dereference and hang) via long IP packets, possibly related to the ip_defrag function.

7.8
2009-12-11 CVE-2009-4296 Brian Miller, Drupal SQL Injection vulnerability in Brian Miller Taxonomy Timer

SQL injection vulnerability in the Taxonomy Timer module 5.x-1.8 and earlier and 6.x-alpha1 and earlier for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2009-12-10 CVE-2009-4263 Ptcpay SQL Injection vulnerability in Ptcpay Gen3 1.3

SQL injection vulnerability in main_forum.php in PTCPay GeN3 forum 1.3 allows remote attackers to execute arbitrary SQL commands via the cat parameter.

7.5
2009-12-10 CVE-2009-4262 Haroldbakker Permissions, Privileges, and Access Controls vulnerability in Haroldbakker Hb-Ns 1.3

Harold Bakker's NewsScript (HB-NS) 1.3 allows remote attackers to obtain access to the admin control panel via a direct request to admin.php.

7.5
2009-12-10 CVE-2009-4256 Truesolution SQL Injection vulnerability in Truesolution Alefmentor 2.0/2.2

Multiple SQL injection vulnerabilities in cource.php in AlefMentor 2.0 and 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) cont_id and (2) courc_id parameters in a pregled action.

7.5
2009-12-08 CVE-2009-4231 Basic CMS Path Traversal vulnerability in Basic-Cms Sweetrice

Directory traversal vulnerability in as/lib/plugins.php in SweetRice 0.5.3 and earlier allows remote attackers to include and execute arbitrary local files via ..

7.5
2009-12-08 CVE-2009-4230 Ruven Pillay Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ruven Pillay Iipimage Server

Multiple stack-based buffer overflows in src/Task.cc in the FastCGI program in IIPImage Server before 0.9.8 might allow remote attackers to execute arbitrary code via vectors associated with crafted arguments to the (1) RGN::run, (2) JTLS::run, or (3) SHD::run function.

7.5
2009-12-08 CVE-2009-4229 Activewebsoftwares SQL Injection vulnerability in Activewebsoftwares Active Bids

Multiple SQL injection vulnerabilities in ActiveWebSoftwares Active Bids allow remote attackers to execute arbitrary SQL commands via (1) the catid parameter in the PATH_INFO to the default URI or (2) the catid parameter to default.asp.

7.5
2009-12-08 CVE-2009-3586 Frank Yaul Numeric Errors vulnerability in Frank Yaul Corehttp 0.5.3.1

Off-by-one error in src/http.c in CoreHTTP 0.5.3.1 and earlier allows remote attackers to cause a denial of service or possibly execute arbitrary code via an HTTP request with a long first line that triggers a buffer overflow.

7.5
2009-12-07 CVE-2009-4223 Gianni Tommasi Code Injection vulnerability in Gianni Tommasi Kr-PHP web Content Server 1.1

PHP remote file inclusion vulnerability in adm/krgourl.php in KR-Web 1.1b2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.

7.5
2009-12-07 CVE-2009-4222 Smartisoft Permissions, Privileges, and Access Controls vulnerability in Smartisoft PHPbazar 2.0.2/2.1.0/2.1.1Fix

phpBazar 2.1.1fix and earlier does not require administrative authentication for admin/admin.php, which allows remote attackers to obtain access to the admin control panel via a direct request.

7.5
2009-12-07 CVE-2009-4221 Smartisoft SQL Injection vulnerability in Smartisoft PHPbazar 2.0.2/2.1.0/2.1.1

SQL injection vulnerability in classified.php in phpBazar 2.1.1fix and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter, a different vector than CVE-2008-3767.

7.5
2009-12-07 CVE-2009-4220 Raphael Mazoyer Code Injection vulnerability in Raphael Mazoyer Pointcomma

PHP remote file inclusion vulnerability in includes/classes/pctemplate.php in PointComma 3.8b2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pcConfig[smartyPath] parameter.

7.5
2009-12-07 CVE-2009-4218 Jiros SQL Injection vulnerability in Jiros Jbsx

Multiple SQL injection vulnerabilities in files/login.asp in JiRo's Banner System eXperience (JBSX) allow remote attackers to execute arbitrary SQL commands via the (1) admin or (2) password field, a related issue to CVE-2007-6091.

7.5
2009-12-07 CVE-2009-4217 Joomla, Itamar Elharar SQL Injection vulnerability in Itamar Elharar COM Musicgallery

SQL injection vulnerability in the Itamar Elharar MusicGallery (com_musicgallery) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an itempage action to index.php.

7.5
2009-12-13 CVE-2009-4131 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

The EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ext4 filesystem in the Linux kernel before 2.6.32-git6 allows local users to overwrite arbitrary files via a crafted request, related to insufficient checks for file permissions.

7.2
2009-12-07 CVE-2009-4215 Microsoft, Pandasecurity Permissions, Privileges, and Access Controls vulnerability in Pandasecurity products

Panda Global Protection 2010, Internet Security 2010, and Antivirus Pro 2010 use weak permissions (Everyone: Full Control) for the product files, which allows local users to gain privileges by replacing executables with Trojan horse programs.

7.2
2009-12-13 CVE-2009-4308 Linux Resource Management Errors vulnerability in Linux Kernel

The ext4_decode_error function in fs/ext4/super.c in the ext4 filesystem in the Linux kernel before 2.6.32 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference), and possibly have unspecified other impact, via a crafted read-only filesystem that lacks a journal.

7.1
2009-12-13 CVE-2009-4307 Linux Numeric Errors vulnerability in Linux Kernel

The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 2.6.32-git6 allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value).

7.1
2009-12-10 CVE-2009-4293 IIJ Configuration vulnerability in IIJ products

Internet Initiative Japan SEIL/X1, SEIL/X2, and SEIL/B1 firmware 2.30 through 2.51, when NAT is enabled, allows remote attackers to cause a denial of service (system restart) via crafted GRE packets.

7.1
2009-12-10 CVE-2009-3951 Microsoft, Adobe Information Exposure vulnerability in Adobe AIR and Flash Player

Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 on Windows allows remote attackers to obtain the names of local files via unknown vectors.

7.1
2009-12-08 CVE-2009-4226 SUN Race Condition vulnerability in SUN Opensolaris

Race condition in the IP module in the kernel in Sun OpenSolaris snv_106 through snv_124 allows remote attackers to cause a denial of service (NULL pointer dereference and panic) via unspecified vectors related to the (1) tcp_do_getsockname or (2) tcp_do_getpeername function.

7.1

27 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-12-09 CVE-2009-2508 Microsoft Credentials Management vulnerability in Microsoft Windows Server 2003 and Windows Server 2008

The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate attackers to obtain the credentials of a previous user of the same web browser by using data from the browser's cache, aka "Single Sign On Spoofing in ADFS Vulnerability."

6.9
2009-12-08 CVE-2009-4235 TIM Hockin Permissions, Privileges, and Access Controls vulnerability in TIM Hockin Acpid 1.0.4

acpid 1.0.4 sets an unrestrictive umask, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file or cause a denial of service by overwriting this file, a different vulnerability than CVE-2009-4033.

6.9
2009-12-08 CVE-2009-4033 TIM Hockin Permissions, Privileges, and Access Controls vulnerability in TIM Hockin Acpid 1.0.4

A certain Red Hat patch for acpid 1.0.4 effectively triggers a call to the open function with insufficient arguments, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file, cause a denial of service by overwriting this file, or gain privileges by executing this file.

6.9
2009-12-10 CVE-2009-4264 Aroundme, Barnraiser Code Injection vulnerability in multiple products

PHP remote file inclusion vulnerability in components/core/connect.php in AROUNDMe 1.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the language_path parameter.

6.8
2009-12-09 CVE-2009-3675 Microsoft Resource Management Errors vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP

LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote authenticated users to cause a denial of service (CPU consumption) via a malformed ISAKMP request over IPsec, aka "Local Security Authority Subsystem Service Resource Exhaustion Vulnerability."

6.8
2009-12-08 CVE-2009-4227 Xfig Buffer Errors vulnerability in Xfig 3.2.5

Stack-based buffer overflow in the read_1_3_textobject function in f_readold.c in Xfig 3.2.5b and earlier, and in the read_textobject function in read1_3.c in fig2dev in Transfig 3.2.5a and earlier, allows remote attackers to execute arbitrary code via a long string in a malformed .fig file that uses the 1.3 file format.

6.8
2009-12-07 CVE-2009-4224 Basic CMS Improper Input Validation vulnerability in Basic-Cms Sweetrice

Multiple PHP remote file inclusion vulnerabilities in SweetRice 0.5.4, 0.5.3, and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root_dir parameter to (1) _plugin/subscriber/inc/post.php and (2) as/lib/news_modify.php.

6.8
2009-12-10 CVE-2009-4238 Teamst SQL Injection vulnerability in Teamst Testlink

Multiple SQL injection vulnerabilities in TestLink before 1.8.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the Test Case ID field to lib/general/navBar.php or (2) the logLevel parameter to lib/events/eventviewer.php.

6.5
2009-12-09 CVE-2009-3563 NTP Remote Denial of Service vulnerability in NTP mode 7 MODE_PRIVATE Packet

ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.

6.4
2009-12-08 CVE-2009-2749 IBM Cryptographic Issues vulnerability in IBM products

Feature Pack for Communications Enabled Applications (CEA) before 1.0.0.1 for IBM WebSphere Application Server 7.0.0.7 uses predictable session values, which allows man-in-the-middle attackers to spoof a collaboration session by guessing the value.

6.4
2009-12-10 CVE-2009-4254 Phpee Information Exposure vulnerability in PHPee Pphlogger 2.2.5

PowerPhlogger 2.2.5 allows remote attackers to obtain sensitive information via a direct request to (1) edCss.inc.php, (2) foot.inc.php, (3) get_csscolors.inc.php, (4) head.inc.php, (5) head_stuff.inc.php, (6) loglist.inc.php, and (7) pphlogger_send.inc.php in include/, which reveals the installation path in an error message.

5.0
2009-12-08 CVE-2009-4236 EC Cube Information Exposure vulnerability in Ec-Cube Ver2

The process function in data/class/pages/admin/customer/LC_Page_Admin_Customer_SearchCustomer.php in EC-CUBE Ver2 2.4.0 RC1 through 2.4.1, and Community Edition r18068 through r18428, allows remote attackers to obtain sensitive information (customer data) via unknown vectors related to sessions.

5.0
2009-12-08 CVE-2009-4232 Jonijnm, Joomla Improper Authentication vulnerability in Jonijnm COM Kide 0.4.6

The Kide Shoutbox (com_kide) component 0.4.6 for Joomla! does not properly perform authentication, which allows remote attackers to post messages with an arbitrary account name via an insertar action to index.php.

5.0
2009-12-08 CVE-2009-2843 Apple Cryptographic Issues vulnerability in Apple mac OS X and mac OS X Server

Java for Mac OS X 10.5 before Update 6 and 10.6 before Update 1 accepts expired certificates for applets, which makes it easier for remote attackers to execute arbitrary code via an applet.

5.0
2009-12-13 CVE-2009-4306 Linux Denial-Of-Service vulnerability in Linux Kernel

Unspecified vulnerability in the EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ext4 filesystem in the Linux kernel 2.6.32-git6 and earlier allows local users to cause a denial of service (filesystem corruption) via unknown vectors, a different vulnerability than CVE-2009-4131.

4.9
2009-12-11 CVE-2009-4135 Canonical, GNU, Fedoraproject Link Following vulnerability in multiple products

The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.

4.4
2009-12-10 CVE-2009-4266 Yabsoft Cross-Site Scripting vulnerability in Yabsoft Advanced Image Hosting Script 2.2/2.3

Cross-site scripting (XSS) vulnerability in search.php in YABSoft Advanced Image Hosting (AIH) Script 2.2, and possibly 2.3, allows remote attackers to inject arbitrary web script or HTML via the text parameter.

4.3
2009-12-10 CVE-2009-4255 Joomla, Youjoomla Cross-Site Scripting vulnerability in Youjoomla You!Hostit! 1.0.1

Cross-site scripting (XSS) vulnerability in the You!Hostit! template 1.0.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the created_by_alias parameter in index.php.

4.3
2009-12-10 CVE-2009-4253 Phpee Cross-Site Scripting vulnerability in PHPee Pphlogger 2.2.5

Cross-site scripting (XSS) vulnerability in dspStats.php in PowerPhlogger 2.2.5 allows remote attackers to inject arbitrary web script or HTML via the edit parameter.

4.3
2009-12-10 CVE-2009-4252 Clixint Cross-Site Scripting vulnerability in Clixint Image Hosting Script DPI 1.1

Cross-site scripting (XSS) vulnerability in images.php in Image Hosting Script DPI 1.1 Final (1.1F) allows remote attackers to inject arbitrary web script or HTML via the date parameter.

4.3
2009-12-10 CVE-2009-4250 Cutephp, Korn19 Cross-Site Scripting vulnerability in multiple products

Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to register.php; (2) the user parameter to search.php; the (3) cat_msg, (4) source_msg, (5) postponed_selected, (6) unapproved_selected, and (7) news_per_page parameters in a list action to the editnews module of index.php; and (8) the link tag in news comments.

4.3
2009-12-09 CVE-2009-4239 IBM Cross-Site Scripting vulnerability in IBM Infosphere Information Server 8.1

Cross-site scripting (XSS) vulnerability in the Web console in IBM InfoSphere Information Server 8.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-12-09 CVE-2009-4149 CA Cross-Site Scripting vulnerability in CA Service Desk 12.1

Cross-site scripting (XSS) vulnerability in the web interface in CA Service Desk 12.1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.

4.3
2009-12-08 CVE-2009-4234 Micronet Cross-Site Scripting vulnerability in Micronet Network Access Controller Sp1910

Cross-site scripting (XSS) vulnerability in loginpages/error_user.shtml on the Micronet Network Access Controller SP1910 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

4.3
2009-12-08 CVE-2009-4233 Joomla, Youjoomla Cross-Site Scripting vulnerability in Youjoomla YJ Whois 1.0.0/1.5.0

Cross-site scripting (XSS) vulnerability in modules/mod_yj_whois.php in the YJ Whois component 1.0x and 1.5.x for Joomla! allows remote attackers to inject arbitrary web script or HTML via the domain parameter to index.php.

4.3
2009-12-08 CVE-2009-4228 Xfig Resource Management Errors vulnerability in Xfig 3.2.4/3.2.5

Stack consumption vulnerability in u_bound.c in Xfig 3.2.5b and earlier allows remote attackers to cause a denial of service (application crash) via a long string in a malformed .fig file that uses the 1.3 file format, possibly related to the readfp_fig function in f_read.c.

4.3
2009-12-07 CVE-2009-4214 Rubyonrails Cross-Site Scripting vulnerability in Rubyonrails Rails and Ruby ON Rails

Cross-site scripting (XSS) vulnerability in the strip_tags function in Ruby on Rails before 2.2.s, and 2.3.x before 2.3.5, allows remote attackers to inject arbitrary web script or HTML via vectors involving non-printing ASCII characters, related to HTML::Tokenizer and actionpack/lib/action_controller/vendor/html-scanner/html/node.rb.

4.3

2 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-12-10 CVE-2009-4237 Teamst Cross-Site Scripting vulnerability in Teamst Testlink

Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the req parameter to login.php, and allow remote authenticated users to inject arbitrary web script or HTML via (2) the key parameter to lib/general/staticPage.php, (3) the tableName parameter to lib/attachments/attachmentupload.php, or the (4) startDate, (5) endDate, or (6) logLevel parameter to lib/events/eventviewer.php; (7) the search_notes_string parameter to lib/results/resultsMoreBuilds_buildReport.php; or the (8) expected_results, (9) name, (10) steps, or (11) summary parameter in a find action to lib/testcases/searchData.php, related to lib/functions/database.class.php.

3.5
2009-12-10 CVE-2009-4249 Cutephp Cross-Site Scripting vulnerability in Cutephp Cutenews 1.4.6

Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) lastusername and (2) mod parameters to index.php; and (3) the title parameter to search.php.

2.6