Weekly Vulnerabilities Reports > December 7 to 13, 2009

Overview

83 new vulnerabilities were reported during this period, including 39 critical vulnerabilities and 19 high severity vulnerabilities. This weekly summary reports vulnerabilities in 100 products from 46 vendors, including Microsoft, HP, Adobe, Joomla, and IBM. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "SQL Injection", "Code Injection", and "Resource Management Errors".

  • 78 reported vulnerabilities are remotely exploitable.
  • 10 reported vulnerabilities have a public exploit available.
  • 23 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 81 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 13 reported vulnerabilities.
  • HP has the most reported critical vulnerabilities, with 13 reported vulnerabilities.


Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:


39 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-12-11 CVE-2009-4294 SUN Remote Code Execution vulnerability in Sun Ray Server Authentication Manager

Unspecified vulnerability in the Authentication Manager (aka utauthd) in Sun Ray Server Software 4.0 and 4.1 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors.

10.0
2009-12-11 CVE-2009-4124 Ruby Lang Buffer Errors vulnerability in Ruby-Lang Ruby 1.9.1

Heap-based buffer overflow in the rb_str_justify function in string.c in Ruby 1.9.1 before 1.9.1-p376 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving (1) String#ljust, (2) String#center, or (3) String#rjust.

10.0
2009-12-11 CVE-2009-3027 Symantec Improper Authentication vulnerability in Symantec products

VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.5; Veritas NetBackup Operations Manager (NOM) 6.0 GA through 6.5.5; Veritas Backup Reporter (VBR) 6.0 GA through 6.6; Veritas Storage Foundation (SF) 3.5; Veritas Storage Foundation for Windows High Availability (SFWHA) 4.3MP2, 5.0, 5.0RP1a, 5.0RP2, 5.1, and 5.1AP1; Veritas Storage Foundation for High Availability (SFHA) 3.5; Veritas Storage Foundation for Oracle (SFO) 4.1, 5.0, and 5.0.1; Veritas Storage Foundation for DB2 4.1 and 5.0; Veritas Storage Foundation for Sybase 4.1 and 5.0; Veritas Storage Foundation for Oracle Real Application Cluster (SFRAC) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Manager (SFM) 1.0, 1.0 MP1, 1.1, 1.1.1Ux, 1.1.1Win, and 2.0; Veritas Cluster Server (VCS) 3.5, 4.0, 4.1, and 5.0; Veritas Cluster Server One (VCSOne) 2.0, 2.0.1, and 2.0.2; Veritas Application Director (VAD) 1.1 and 1.1 Platform Expansion; Veritas Cluster Server Management Console (VCSMC) 5.1, 5.5, and 5.5.1; Veritas Storage Foundation Cluster File System (SFCFS) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Cluster File System for Oracle RAC (SFCFS RAC) 5.0; Veritas Command Central Storage (CCS) 4.x, 5.0, and 5.1; Veritas Command Central Enterprise Reporter (CC-ER) 5.0 GA, 5.0 MP1, 5.0 MP1RP1, and 5.1; Veritas Command Central Storage Change Manager (CC-SCM) 5.0 and 5.1; and Veritas MicroMeasure 5.0 does not properly validate authentication requests, which allows remote attackers to trigger the unpacking of a WAR archive, and execute arbitrary code in the contained files, via crafted data to TCP port 14300.

10.0
2009-12-10 CVE-2009-0898 HP Buffer Errors vulnerability in HP Openview Network Node Manager 7.0.1/7.51/7.53

Stack-based buffer overflow in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a crafted HTTP request.

10.0
2009-12-10 CVE-2009-4181 HP Buffer Errors vulnerability in HP Openview Network Node Manager 7.0.1/7.51/7.53

Stack-based buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via vectors involving the sel and arg parameters to jovgraph.exe.

10.0
2009-12-10 CVE-2009-4180 HP Buffer Errors vulnerability in HP Openview Network Node Manager 7.0.1/7.51/7.53

Stack-based buffer overflow in snmpviewer.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Host header.

10.0
2009-12-10 CVE-2009-4179 HP Buffer Errors vulnerability in HP Openview Network Node Manager 7.0.1/7.51/7.53

Stack-based buffer overflow in ovalarm.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Accept-Language header in an OVABverbose action.

10.0
2009-12-10 CVE-2009-4178 HP Buffer Errors vulnerability in HP Openview Network Node Manager 7.0.1/7.51/7.53

Heap-based buffer overflow in OvWebHelp.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long Topic parameter.

10.0
2009-12-10 CVE-2009-4177 HP Buffer Errors vulnerability in HP Openview Network Node Manager 7.0.1/7.51/7.53

Buffer overflow in webappmon.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Host header.

10.0
2009-12-10 CVE-2009-4176 HP Buffer Errors vulnerability in HP Openview Network Node Manager 7.0.1/7.51/7.53

Multiple heap-based buffer overflows in ovsessionmgr.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via a long (1) userid or (2) passwd parameter to ovlogin.exe.

10.0
2009-12-10 CVE-2009-3849 HP Buffer Errors vulnerability in HP Openview Network Node Manager 7.0.1/7.51/7.53

Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) a long Template parameter to nnmRptConfig.exe, related to the strcat function; or (2) a long Oid parameter to snmp.exe.

10.0
2009-12-10 CVE-2009-3848 HP Buffer Errors vulnerability in HP Openview Network Node Manager 7.0.1/7.51/7.53

Stack-based buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long Template parameter, related to the vsprintf function.

10.0
2009-12-10 CVE-2009-3847 HP Remote Code Execution vulnerability in HP Openview Network Node Manager 7.0.1/7.51/7.53

Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via unknown vectors.

10.0
2009-12-10 CVE-2009-3846 HP Buffer Errors vulnerability in HP Openview Network Node Manager 7.0.1/7.51/7.53

Multiple heap-based buffer overflows in ovlogin.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via a long (1) userid or (2) passwd parameter.

10.0
2009-12-10 CVE-2009-3845 HP Remote Code Execution vulnerability in HP Openview Network Node Manager 7.0.1/7.51/7.53

The port-3443 HTTP server in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostname parameter to unspecified Perl scripts.

10.0
2009-12-09 CVE-2009-4240 IBM Buffer Errors vulnerability in IBM Infosphere Information Server 8.1

Multiple buffer overflows in unspecified setuid executables in the DataStage subsystem in IBM InfoSphere Information Server 8.1 before FP1 have unknown impact and attack vectors.

10.0
2009-12-08 CVE-2009-3844 HP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openview Data Protector Application Recovery Manager 5.50/6.0

Stack-based buffer overflow in the OmniInet process in HP OpenView Data Protector Application Recovery Manager 5.50 and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted MSG_PROTOCOL packet.

10.0
2009-12-13 CVE-2009-4313 Microsoft Buffer Errors vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP

ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (heap corruption) or execute arbitrary code via malformed data in a stream in a media file, as demonstrated by an AVI file.

9.3
2009-12-13 CVE-2009-4312 Microsoft Code Injection vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP

Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Dave Lenoe of Adobe.

9.3
2009-12-13 CVE-2009-4311 Microsoft Code Injection vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP

Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Paul Byrne of NGS Software.

9.3
2009-12-13 CVE-2009-4310 Microsoft / Windows Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to many loop iterations, as demonstrated by data in an AVI file.

9.3
2009-12-13 CVE-2009-4309 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI file.

9.3
2009-12-13 CVE-2009-4210 Microsoft Code Injection vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP

The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted media content.

9.3
2009-12-10 CVE-2009-4292 IIJ Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IIJ products

Buffer overflow in the URL filtering function in Internet Initiative Japan SEIL/X1, SEIL/X2, and SEIL/B1 firmware 2.40 through 2.51 allows remote attackers to execute arbitrary code via unspecified vectors.

9.3
2009-12-10 CVE-2009-3800 Adobe Remote vulnerability in Adobe AIR and Flash Player

Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.

9.3
2009-12-10 CVE-2009-3799 Adobe Numeric Errors vulnerability in Adobe AIR and Flash Player

Integer overflow in the Verifier::parseExceptionHandlers function in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via an SWF file with a large exception_count value that triggers memory corruption, related to "generation of ActionScript exception handlers."

9.3
2009-12-10 CVE-2009-3798 Adobe Resource Management Errors vulnerability in Adobe AIR and Flash Player

Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.

9.3
2009-12-10 CVE-2009-3797 Adobe Resource Management Errors vulnerability in Adobe AIR and Flash Player

Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.

9.3
2009-12-10 CVE-2009-3796 Adobe Code Injection vulnerability in Adobe AIR and Flash Player

Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a "data injection vulnerability."

9.3
2009-12-10 CVE-2009-3794 Adobe Buffer Errors vulnerability in Adobe AIR and Flash Player

Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.

9.3
2009-12-10 CVE-2009-4251 Corel Buffer Errors vulnerability in Corel Paint Shop PRO 8.10

Stack-based buffer overflow in Jasc Paint Shop Pro 8.10 (aka Corel Paint Shop Pro) allows user-assisted remote attackers to execute arbitrary code via a crafted PNG file.

9.3
2009-12-09 CVE-2009-2506 Microsoft Numeric Errors vulnerability in Microsoft products

Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3; Works 8.5; Office Converter Pack; and WordPad in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a DOC file with an invalid number of property names in the DocumentSummaryInformation stream, which triggers a heap-based buffer overflow.

9.3
2009-12-09 CVE-2009-0102 Microsoft Resource Management Errors vulnerability in Microsoft products

Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability."

9.3
2009-12-08 CVE-2009-1569 Novell Buffer Errors vulnerability in Novell Iprint 4.38/5.30

Multiple stack-based buffer overflows in Novell iPrint Client 4.38, 5.30, and possibly other versions before 5.32 allow remote attackers to execute arbitrary code via vectors related to (1) Date and (2) Time.

9.3
2009-12-08 CVE-2009-1568 Novell Buffer Errors vulnerability in Novell Iprint Client 5.30/5.31

Stack-based buffer overflow in ienipp.ocx in Novell iPrint Client 5.30, and possibly other versions before 5.32, allows remote attackers to execute arbitrary code via a long target-frame parameter.

9.3
2009-12-08 CVE-2009-4225 CA Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in CA Etrust Pestpatrole Ppctl.Dll Activex 5.6.7.9

Stack-based buffer overflow in the PestPatrol ActiveX control (ppctl.dll) 5.6.7.9 in CA eTrust PestPatrol allows remote attackers to execute arbitrary code via a long argument to the Initialize method.

9.3
2009-12-08 CVE-2009-3994 Denton Woods Buffer Errors vulnerability in Denton Woods Devil 1.7.8

Stack-based buffer overflow in the GetUID function in src-IL/src/il_dicom.c in DevIL 1.7.8 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted DICOM file.

9.3
2009-12-07 CVE-2009-4216 Klinza Path Traversal vulnerability in Klinza Professional CMS

Directory traversal vulnerability in funzioni/lib/menulast.php in klinza professional cms 5.0.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..

9.3
2009-12-09 CVE-2009-2509 Microsoft Improper Input Validation vulnerability in Microsoft Windows Server 2003 and Windows Server 2008

Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly validate headers in HTTP requests, which allows remote authenticated users to execute arbitrary code via a crafted request to an IIS web server, aka "Remote Code Execution in ADFS Vulnerability."

9.0

19 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-12-11 CVE-2009-4295 SUN Cryptographic Issues vulnerability in SUN RAY Server Software 4.0/4.1

Sun Ray Server Software 4.0 and 4.1 does not generate a unique DSA private key for the firmware on each Sun Ray 1, 1g, 100, and 150 DTU device, which makes it easier for remote attackers to obtain sensitive information by predicting a key and then using it to decrypt sniffed network traffic.

7.8
2009-12-11 CVE-2009-4296 Brian Miller / Drupal SQL Injection vulnerability in Brian Miller Taxonomy Timer

SQL injection vulnerability in the Taxonomy Timer module 5.x-1.8 and earlier and 6.x-alpha1 and earlier for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2009-12-10 CVE-2009-4263 Ptcpay SQL Injection vulnerability in Ptcpay Gen3 1.3

SQL injection vulnerability in main_forum.php in PTCPay GeN3 forum 1.3 allows remote attackers to execute arbitrary SQL commands via the cat parameter.

7.5
2009-12-10 CVE-2009-4262 Haroldbakker Permissions, Privileges, and Access Controls vulnerability in Haroldbakker Hb-Ns 1.3

Harold Bakker's NewsScript (HB-NS) 1.3 allows remote attackers to obtain access to the admin control panel via a direct request to admin.php.

7.5
2009-12-10 CVE-2009-4256 Truesolution SQL Injection vulnerability in Truesolution Alefmentor 2.0/2.2

Multiple SQL injection vulnerabilities in cource.php in AlefMentor 2.0 and 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) cont_id and (2) courc_id parameters in a pregled action.

7.5
2009-12-08 CVE-2009-4231 Basic CMS Path Traversal vulnerability in Basic-Cms Sweetrice

Directory traversal vulnerability in as/lib/plugins.php in SweetRice 0.5.3 and earlier allows remote attackers to include and execute arbitrary local files via ..

7.5
2009-12-08 CVE-2009-4230 Ruven Pillay Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ruven Pillay Iipimage Server

Multiple stack-based buffer overflows in src/Task.cc in the FastCGI program in IIPImage Server before 0.9.8 might allow remote attackers to execute arbitrary code via vectors associated with crafted arguments to the (1) RGN::run, (2) JTLS::run, or (3) SHD::run function.

7.5
2009-12-08 CVE-2009-4229 Activewebsoftwares SQL Injection vulnerability in Activewebsoftwares Active Bids

Multiple SQL injection vulnerabilities in ActiveWebSoftwares Active Bids allow remote attackers to execute arbitrary SQL commands via (1) the catid parameter in the PATH_INFO to the default URI or (2) the catid parameter to default.asp.

7.5
2009-12-08 CVE-2009-3586 Frank Yaul Numeric Errors vulnerability in Frank Yaul Corehttp 0.5.3.1

Off-by-one error in src/http.c in CoreHTTP 0.5.3.1 and earlier allows remote attackers to cause a denial of service or possibly execute arbitrary code via an HTTP request with a long first line that triggers a buffer overflow.

7.5
2009-12-07 CVE-2009-4223 Gianni Tommasi Code Injection vulnerability in Gianni Tommasi Kr-PHP web Content Server 1.1

PHP remote file inclusion vulnerability in adm/krgourl.php in KR-Web 1.1b2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.

7.5
2009-12-07 CVE-2009-4222 Smartisoft Permissions, Privileges, and Access Controls vulnerability in Smartisoft PHPbazar 2.0.2/2.1.0/2.1.1Fix

phpBazar 2.1.1fix and earlier does not require administrative authentication for admin/admin.php, which allows remote attackers to obtain access to the admin control panel via a direct request.

7.5
2009-12-07 CVE-2009-4221 Smartisoft SQL Injection vulnerability in Smartisoft PHPbazar 2.0.2/2.1.0/2.1.1

SQL injection vulnerability in classified.php in phpBazar 2.1.1fix and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter, a different vector than CVE-2008-3767.

7.5
2009-12-07 CVE-2009-4220 Raphael Mazoyer Code Injection vulnerability in Raphael Mazoyer Pointcomma

PHP remote file inclusion vulnerability in includes/classes/pctemplate.php in PointComma 3.8b2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pcConfig[smartyPath] parameter.

7.5
2009-12-07 CVE-2009-4218 Jiros SQL Injection vulnerability in Jiros Jbsx

Multiple SQL injection vulnerabilities in files/login.asp in JiRo's Banner System eXperience (JBSX) allow remote attackers to execute arbitrary SQL commands via the (1) admin or (2) password field, a related issue to CVE-2007-6091.

7.5
2009-12-07 CVE-2009-4217 Joomla / Itamar Elharar SQL Injection vulnerability in Itamar Elharar COM Musicgallery

SQL injection vulnerability in the Itamar Elharar MusicGallery (com_musicgallery) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an itempage action to index.php.

7.5
2009-12-07 CVE-2009-4215 Microsoft / Pandasecurity Permissions, Privileges, and Access Controls vulnerability in Pandasecurity products

Panda Global Protection 2010, Internet Security 2010, and Antivirus Pro 2010 use weak permissions (Everyone: Full Control) for the product files, which allows local users to gain privileges by replacing executables with Trojan horse programs.

7.2
2009-12-10 CVE-2009-4293 IIJ Configuration vulnerability in IIJ products

Internet Initiative Japan SEIL/X1, SEIL/X2, and SEIL/B1 firmware 2.30 through 2.51, when NAT is enabled, allows remote attackers to cause a denial of service (system restart) via crafted GRE packets.

7.1
2009-12-10 CVE-2009-3951 Microsoft / Adobe Information Exposure vulnerability in Adobe AIR and Flash Player

Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 on Windows allows remote attackers to obtain the names of local files via unknown vectors.

7.1
2009-12-08 CVE-2009-4226 SUN Race Condition vulnerability in SUN Opensolaris

Race condition in the IP module in the kernel in Sun OpenSolaris snv_106 through snv_124 allows remote attackers to cause a denial of service (NULL pointer dereference and panic) via unspecified vectors related to the (1) tcp_do_getsockname or (2) tcp_do_getpeername function.

7.1

24 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-12-09 CVE-2009-2508 Microsoft Credentials Management vulnerability in Microsoft Windows Server 2003 and Windows Server 2008

The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate attackers to obtain the credentials of a previous user of the same web browser by using data from the browser's cache, aka "Single Sign On Spoofing in ADFS Vulnerability."

6.9
2009-12-08 CVE-2009-4235 TIM Hockin Permissions, Privileges, and Access Controls vulnerability in TIM Hockin Acpid 1.0.4

acpid 1.0.4 sets an unrestrictive umask, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file or cause a denial of service by overwriting this file, a different vulnerability than CVE-2009-4033.

6.9
2009-12-08 CVE-2009-4033 TIM Hockin Permissions, Privileges, and Access Controls vulnerability in TIM Hockin Acpid 1.0.4

A certain Red Hat patch for acpid 1.0.4 effectively triggers a call to the open function with insufficient arguments, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file, cause a denial of service by overwriting this file, or gain privileges by executing this file.

6.9
2009-12-10 CVE-2009-4264 Aroundme / Barnraiser Code Injection vulnerability in multiple products

PHP remote file inclusion vulnerability in components/core/connect.php in AROUNDMe 1.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the language_path parameter.

6.8
2009-12-09 CVE-2009-3675 Microsoft Resource Management Errors vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP

LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote authenticated users to cause a denial of service (CPU consumption) via a malformed ISAKMP request over IPsec, aka "Local Security Authority Subsystem Service Resource Exhaustion Vulnerability."

6.8
2009-12-08 CVE-2009-4227 Xfig Buffer Errors vulnerability in Xfig 3.2.5

Stack-based buffer overflow in the read_1_3_textobject function in f_readold.c in Xfig 3.2.5b and earlier, and in the read_textobject function in read1_3.c in fig2dev in Transfig 3.2.5a and earlier, allows remote attackers to execute arbitrary code via a long string in a malformed .fig file that uses the 1.3 file format.

6.8
2009-12-07 CVE-2009-4224 Basic CMS Improper Input Validation vulnerability in Basic-Cms Sweetrice

Multiple PHP remote file inclusion vulnerabilities in SweetRice 0.5.4, 0.5.3, and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root_dir parameter to (1) _plugin/subscriber/inc/post.php and (2) as/lib/news_modify.php.

6.8
2009-12-08 CVE-2009-2749 IBM Cryptographic Issues vulnerability in IBM products

Feature Pack for Communications Enabled Applications (CEA) before 1.0.0.1 for IBM WebSphere Application Server 7.0.0.7 uses predictable session values, which allows man-in-the-middle attackers to spoof a collaboration session by guessing the value.

6.4
2009-12-10 CVE-2009-4254 Phpee Information Exposure vulnerability in PHPee Pphlogger 2.2.5

PowerPhlogger 2.2.5 allows remote attackers to obtain sensitive information via a direct request to (1) edCss.inc.php, (2) foot.inc.php, (3) get_csscolors.inc.php, (4) head.inc.php, (5) head_stuff.inc.php, (6) loglist.inc.php, and (7) pphlogger_send.inc.php in include/, which reveals the installation path in an error message.

5.0
2009-12-08 CVE-2009-4236 EC Cube Information Exposure vulnerability in Ec-Cube Ver2

The process function in data/class/pages/admin/customer/LC_Page_Admin_Customer_SearchCustomer.php in EC-CUBE Ver2 2.4.0 RC1 through 2.4.1, and Community Edition r18068 through r18428, allows remote attackers to obtain sensitive information (customer data) via unknown vectors related to sessions.

5.0
2009-12-08 CVE-2009-4232 Jonijnm / Joomla Improper Authentication vulnerability in Jonijnm COM Kide 0.4.6

The Kide Shoutbox (com_kide) component 0.4.6 for Joomla! does not properly perform authentication, which allows remote attackers to post messages with an arbitrary account name via an insertar action to index.php.

5.0
2009-12-08 CVE-2009-2843 Apple Cryptographic Issues vulnerability in Apple mac OS X and mac OS X Server

Java for Mac OS X 10.5 before Update 6 and 10.6 before Update 1 accepts expired certificates for applets, which makes it easier for remote attackers to execute arbitrary code via an applet.

5.0
2009-12-13 CVE-2009-4306 Linux Denial-Of-Service vulnerability in Linux Kernel

Unspecified vulnerability in the EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ext4 filesystem in the Linux kernel 2.6.32-git6 and earlier allows local users to cause a denial of service (filesystem corruption) via unknown vectors, a different vulnerability than CVE-2009-4131.

4.9
2009-12-10 CVE-2009-4266 Yabsoft Cross-Site Scripting vulnerability in Yabsoft Advanced Image Hosting Script 2.2/2.3

Cross-site scripting (XSS) vulnerability in search.php in YABSoft Advanced Image Hosting (AIH) Script 2.2, and possibly 2.3, allows remote attackers to inject arbitrary web script or HTML via the text parameter.

4.3
2009-12-10 CVE-2009-4255 Joomla / Youjoomla Cross-Site Scripting vulnerability in Youjoomla You!Hostit! 1.0.1

Cross-site scripting (XSS) vulnerability in the You!Hostit! template 1.0.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the created_by_alias parameter in index.php.

4.3
2009-12-10 CVE-2009-4253 Phpee Cross-Site Scripting vulnerability in PHPee Pphlogger 2.2.5

Cross-site scripting (XSS) vulnerability in dspStats.php in PowerPhlogger 2.2.5 allows remote attackers to inject arbitrary web script or HTML via the edit parameter.

4.3
2009-12-10 CVE-2009-4252 Clixint Cross-Site Scripting vulnerability in Clixint Image Hosting Script DPI 1.1

Cross-site scripting (XSS) vulnerability in images.php in Image Hosting Script DPI 1.1 Final (1.1F) allows remote attackers to inject arbitrary web script or HTML via the date parameter.

4.3
2009-12-10 CVE-2009-4250 Cutephp / Korn19 Cross-Site Scripting vulnerability in multiple products

Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to register.php; (2) the user parameter to search.php; the (3) cat_msg, (4) source_msg, (5) postponed_selected, (6) unapproved_selected, and (7) news_per_page parameters in a list action to the editnews module of index.php; and (8) the link tag in news comments.

4.3
2009-12-09 CVE-2009-4239 IBM Cross-Site Scripting vulnerability in IBM Infosphere Information Server 8.1

Cross-site scripting (XSS) vulnerability in the Web console in IBM InfoSphere Information Server 8.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-12-09 CVE-2009-4149 CA Cross-Site Scripting vulnerability in CA Service Desk 12.1

Cross-site scripting (XSS) vulnerability in the web interface in CA Service Desk 12.1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.

4.3
2009-12-08 CVE-2009-4234 Micronet Cross-Site Scripting vulnerability in Micronet Network Access Controller Sp1910

Cross-site scripting (XSS) vulnerability in loginpages/error_user.shtml on the Micronet Network Access Controller SP1910 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

4.3
2009-12-08 CVE-2009-4233 Joomla / Youjoomla Cross-Site Scripting vulnerability in Youjoomla YJ Whois 1.0.0/1.5.0

Cross-site scripting (XSS) vulnerability in modules/mod_yj_whois.php in the YJ Whois component 1.0x and 1.5.x for Joomla! allows remote attackers to inject arbitrary web script or HTML via the domain parameter to index.php.

4.3
2009-12-08 CVE-2009-4228 Xfig Resource Management Errors vulnerability in Xfig 3.2.4/3.2.5

Stack consumption vulnerability in u_bound.c in Xfig 3.2.5b and earlier allows remote attackers to cause a denial of service (application crash) via a long string in a malformed .fig file that uses the 1.3 file format, possibly related to the readfp_fig function in f_read.c.

4.3
2009-12-07 CVE-2009-4214 Rubyonrails Cross-Site Scripting vulnerability in Rubyonrails Rails and Ruby ON Rails

Cross-site scripting (XSS) vulnerability in the strip_tags function in Ruby on Rails before 2.2.s, and 2.3.x before 2.3.5, allows remote attackers to inject arbitrary web script or HTML via vectors involving non-printing ASCII characters, related to HTML::Tokenizer and actionpack/lib/action_controller/vendor/html-scanner/html/node.rb.

4.3

1 Low Vulnerability

DATE CVE VENDOR VULNERABILITY CVSS
2009-12-10 CVE-2009-4249 Cutephp Cross-Site Scripting vulnerability in Cutephp Cutenews 1.4.6

Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) lastusername and (2) mod parameters to index.php; and (3) the title parameter to search.php.

2.6