Weekly Vulnerabilities Reports > December 7 to 13, 2009
Overview
83 new vulnerabilities were reported during this period, including 39 critical vulnerabilities and 19 high severity vulnerabilities. This weekly summary reports vulnerabilities in 100 products from 46 vendors, including Microsoft, HP, Adobe, Joomla, and IBM. The vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "SQL Injection", "Code Injection", and "Resource Management Errors".
- 78 reported vulnerabilities are remotely exploitable.
- 10 reported vulnerabilities have a public exploit available.
- 23 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 81 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 13 reported vulnerabilities.
- HP has the most reported critical vulnerabilities, with 13 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
39 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-12-11 | CVE-2009-4294 | SUN | Remote Code Execution vulnerability in Sun Ray Server Authentication Manager Unspecified vulnerability in the Authentication Manager (aka utauthd) in Sun Ray Server Software 4.0 and 4.1 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors. | 10.0 |
2009-12-11 | CVE-2009-4124 | Ruby Lang | Buffer Errors vulnerability in Ruby-Lang Ruby 1.9.1 Heap-based buffer overflow in the rb_str_justify function in string.c in Ruby 1.9.1 before 1.9.1-p376 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving (1) String#ljust, (2) String#center, or (3) String#rjust. | 10.0 |
2009-12-11 | CVE-2009-3027 | Symantec | Improper Authentication vulnerability in Symantec products VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.5; Veritas NetBackup Operations Manager (NOM) 6.0 GA through 6.5.5; Veritas Backup Reporter (VBR) 6.0 GA through 6.6; Veritas Storage Foundation (SF) 3.5; Veritas Storage Foundation for Windows High Availability (SFWHA) 4.3MP2, 5.0, 5.0RP1a, 5.0RP2, 5.1, and 5.1AP1; Veritas Storage Foundation for High Availability (SFHA) 3.5; Veritas Storage Foundation for Oracle (SFO) 4.1, 5.0, and 5.0.1; Veritas Storage Foundation for DB2 4.1 and 5.0; Veritas Storage Foundation for Sybase 4.1 and 5.0; Veritas Storage Foundation for Oracle Real Application Cluster (SFRAC) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Manager (SFM) 1.0, 1.0 MP1, 1.1, 1.1.1Ux, 1.1.1Win, and 2.0; Veritas Cluster Server (VCS) 3.5, 4.0, 4.1, and 5.0; Veritas Cluster Server One (VCSOne) 2.0, 2.0.1, and 2.0.2; Veritas Application Director (VAD) 1.1 and 1.1 Platform Expansion; Veritas Cluster Server Management Console (VCSMC) 5.1, 5.5, and 5.5.1; Veritas Storage Foundation Cluster File System (SFCFS) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Cluster File System for Oracle RAC (SFCFS RAC) 5.0; Veritas Command Central Storage (CCS) 4.x, 5.0, and 5.1; Veritas Command Central Enterprise Reporter (CC-ER) 5.0 GA, 5.0 MP1, 5.0 MP1RP1, and 5.1; Veritas Command Central Storage Change Manager (CC-SCM) 5.0 and 5.1; and Veritas MicroMeasure 5.0 does not properly validate authentication requests, which allows remote attackers to trigger the unpacking of a WAR archive, and execute arbitrary code in the contained files, via crafted data to TCP port 14300. | 10.0 |
2009-12-10 | CVE-2009-0898 | HP | Buffer Errors vulnerability in HP Openview Network Node Manager 7.0.1/7.51/7.53 Stack-based buffer overflow in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a crafted HTTP request. | 10.0 |
2009-12-10 | CVE-2009-4181 | HP | Buffer Errors vulnerability in HP Openview Network Node Manager 7.0.1/7.51/7.53 Stack-based buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via vectors involving the sel and arg parameters to jovgraph.exe. | 10.0 |
2009-12-10 | CVE-2009-4180 | HP | Buffer Errors vulnerability in HP Openview Network Node Manager 7.0.1/7.51/7.53 Stack-based buffer overflow in snmpviewer.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Host header. | 10.0 |
2009-12-10 | CVE-2009-4179 | HP | Buffer Errors vulnerability in HP Openview Network Node Manager 7.0.1/7.51/7.53 Stack-based buffer overflow in ovalarm.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Accept-Language header in an OVABverbose action. | 10.0 |
2009-12-10 | CVE-2009-4178 | HP | Buffer Errors vulnerability in HP Openview Network Node Manager 7.0.1/7.51/7.53 Heap-based buffer overflow in OvWebHelp.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long Topic parameter. | 10.0 |
2009-12-10 | CVE-2009-4177 | HP | Buffer Errors vulnerability in HP Openview Network Node Manager 7.0.1/7.51/7.53 Buffer overflow in webappmon.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Host header. | 10.0 |
2009-12-10 | CVE-2009-4176 | HP | Buffer Errors vulnerability in HP Openview Network Node Manager 7.0.1/7.51/7.53 Multiple heap-based buffer overflows in ovsessionmgr.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via a long (1) userid or (2) passwd parameter to ovlogin.exe. | 10.0 |
2009-12-10 | CVE-2009-3849 | HP | Buffer Errors vulnerability in HP Openview Network Node Manager 7.0.1/7.51/7.53 Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) a long Template parameter to nnmRptConfig.exe, related to the strcat function; or (2) a long Oid parameter to snmp.exe. | 10.0 |
2009-12-10 | CVE-2009-3848 | HP | Buffer Errors vulnerability in HP Openview Network Node Manager 7.0.1/7.51/7.53 Stack-based buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long Template parameter, related to the vsprintf function. | 10.0 |
2009-12-10 | CVE-2009-3847 | HP | Remote Code Execution vulnerability in HP Openview Network Node Manager 7.0.1/7.51/7.53 Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via unknown vectors. | 10.0 |
2009-12-10 | CVE-2009-3846 | HP | Buffer Errors vulnerability in HP Openview Network Node Manager 7.0.1/7.51/7.53 Multiple heap-based buffer overflows in ovlogin.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via a long (1) userid or (2) passwd parameter. | 10.0 |
2009-12-10 | CVE-2009-3845 | HP | Remote Code Execution vulnerability in HP Openview Network Node Manager 7.0.1/7.51/7.53 The port-3443 HTTP server in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostname parameter to unspecified Perl scripts. | 10.0 |
2009-12-09 | CVE-2009-4240 | IBM | Buffer Errors vulnerability in IBM Infosphere Information Server 8.1 Multiple buffer overflows in unspecified setuid executables in the DataStage subsystem in IBM InfoSphere Information Server 8.1 before FP1 have unknown impact and attack vectors. | 10.0 |
2009-12-08 | CVE-2009-3844 | HP | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openview Data Protector Application Recovery Manager 5.50/6.0 Stack-based buffer overflow in the OmniInet process in HP OpenView Data Protector Application Recovery Manager 5.50 and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted MSG_PROTOCOL packet. | 10.0 |
2009-12-13 | CVE-2009-4313 | Microsoft | Buffer Errors vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (heap corruption) or execute arbitrary code via malformed data in a stream in a media file, as demonstrated by an AVI file. | 9.3 |
2009-12-13 | CVE-2009-4312 | Microsoft | Code Injection vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Dave Lenoe of Adobe. | 9.3 |
2009-12-13 | CVE-2009-4311 | Microsoft | Code Injection vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Paul Byrne of NGS Software. | 9.3 |
2009-12-13 | CVE-2009-4310 | Microsoft Windows | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to many loop iterations, as demonstrated by data in an AVI file. | 9.3 |
2009-12-13 | CVE-2009-4309 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI file. | 9.3 |
2009-12-13 | CVE-2009-4210 | Microsoft | Code Injection vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted media content. | 9.3 |
2009-12-10 | CVE-2009-4292 | IIJ | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IIJ products Buffer overflow in the URL filtering function in Internet Initiative Japan SEIL/X1, SEIL/X2, and SEIL/B1 firmware 2.40 through 2.51 allows remote attackers to execute arbitrary code via unspecified vectors. | 9.3 |
2009-12-10 | CVE-2009-3800 | Adobe | Remote vulnerability in Adobe AIR and Flash Player Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. | 9.3 |
2009-12-10 | CVE-2009-3799 | Adobe | Numeric Errors vulnerability in Adobe AIR and Flash Player Integer overflow in the Verifier::parseExceptionHandlers function in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via an SWF file with a large exception_count value that triggers memory corruption, related to "generation of ActionScript exception handlers." | 9.3 |
2009-12-10 | CVE-2009-3798 | Adobe | Resource Management Errors vulnerability in Adobe AIR and Flash Player Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption. | 9.3 |
2009-12-10 | CVE-2009-3797 | Adobe | Resource Management Errors vulnerability in Adobe AIR and Flash Player Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption. | 9.3 |
2009-12-10 | CVE-2009-3796 | Adobe | Code Injection vulnerability in Adobe AIR and Flash Player Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a "data injection vulnerability." | 9.3 |
2009-12-10 | CVE-2009-3794 | Adobe | Buffer Errors vulnerability in Adobe AIR and Flash Player Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file. | 9.3 |
2009-12-10 | CVE-2009-4251 | Corel | Buffer Errors vulnerability in Corel Paint Shop PRO 8.10 Stack-based buffer overflow in Jasc Paint Shop Pro 8.10 (aka Corel Paint Shop Pro) allows user-assisted remote attackers to execute arbitrary code via a crafted PNG file. | 9.3 |
2009-12-09 | CVE-2009-2506 | Microsoft | Numeric Errors vulnerability in Microsoft products Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3; Works 8.5; Office Converter Pack; and WordPad in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a DOC file with an invalid number of property names in the DocumentSummaryInformation stream, which triggers a heap-based buffer overflow. | 9.3 |
2009-12-09 | CVE-2009-0102 | Microsoft | Resource Management Errors vulnerability in Microsoft products Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability." | 9.3 |
2009-12-08 | CVE-2009-1569 | Novell | Buffer Errors vulnerability in Novell Iprint 4.38/5.30 Multiple stack-based buffer overflows in Novell iPrint Client 4.38, 5.30, and possibly other versions before 5.32 allow remote attackers to execute arbitrary code via vectors related to (1) Date and (2) Time. | 9.3 |
2009-12-08 | CVE-2009-1568 | Novell | Buffer Errors vulnerability in Novell Iprint Client 5.30/5.31 Stack-based buffer overflow in ienipp.ocx in Novell iPrint Client 5.30, and possibly other versions before 5.32, allows remote attackers to execute arbitrary code via a long target-frame parameter. | 9.3 |
2009-12-08 | CVE-2009-4225 | CA | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in CA Etrust Pestpatrole Ppctl.Dll Activex 5.6.7.9 Stack-based buffer overflow in the PestPatrol ActiveX control (ppctl.dll) 5.6.7.9 in CA eTrust PestPatrol allows remote attackers to execute arbitrary code via a long argument to the Initialize method. | 9.3 |
2009-12-08 | CVE-2009-3994 | Denton Woods | Buffer Errors vulnerability in Denton Woods Devil 1.7.8 Stack-based buffer overflow in the GetUID function in src-IL/src/il_dicom.c in DevIL 1.7.8 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted DICOM file. | 9.3 |
2009-12-07 | CVE-2009-4216 | Klinza | Path Traversal vulnerability in Klinza Professional CMS Directory traversal vulnerability in funzioni/lib/menulast.php in klinza professional cms 5.0.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. | 9.3 |
2009-12-09 | CVE-2009-2509 | Microsoft | Improper Input Validation vulnerability in Microsoft Windows Server 2003 and Windows Server 2008 Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly validate headers in HTTP requests, which allows remote authenticated users to execute arbitrary code via a crafted request to an IIS web server, aka "Remote Code Execution in ADFS Vulnerability." | 9.0 |
19 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-12-11 | CVE-2009-4295 | SUN | Cryptographic Issues vulnerability in SUN RAY Server Software 4.0/4.1 Sun Ray Server Software 4.0 and 4.1 does not generate a unique DSA private key for the firmware on each Sun Ray 1, 1g, 100, and 150 DTU device, which makes it easier for remote attackers to obtain sensitive information by predicting a key and then using it to decrypt sniffed network traffic. | 7.8 |
2009-12-11 | CVE-2009-4296 | Brian Miller Drupal | SQL Injection vulnerability in Brian Miller Taxonomy Timer SQL injection vulnerability in the Taxonomy Timer module 5.x-1.8 and earlier and 6.x-alpha1 and earlier for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2009-12-10 | CVE-2009-4263 | Ptcpay | SQL Injection vulnerability in Ptcpay Gen3 1.3 SQL injection vulnerability in main_forum.php in PTCPay GeN3 forum 1.3 allows remote attackers to execute arbitrary SQL commands via the cat parameter. | 7.5 |
2009-12-10 | CVE-2009-4262 | Haroldbakker | Permissions, Privileges, and Access Controls vulnerability in Haroldbakker Hb-Ns 1.3 Harold Bakker's NewsScript (HB-NS) 1.3 allows remote attackers to obtain access to the admin control panel via a direct request to admin.php. | 7.5 |
2009-12-10 | CVE-2009-4256 | Truesolution | SQL Injection vulnerability in Truesolution Alefmentor 2.0/2.2 Multiple SQL injection vulnerabilities in cource.php in AlefMentor 2.0 and 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) cont_id and (2) courc_id parameters in a pregled action. | 7.5 |
2009-12-08 | CVE-2009-4231 | Basic CMS | Path Traversal vulnerability in Basic-Cms Sweetrice Directory traversal vulnerability in as/lib/plugins.php in SweetRice 0.5.3 and earlier allows remote attackers to include and execute arbitrary local files via .. | 7.5 |
2009-12-08 | CVE-2009-4230 | Ruven Pillay | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ruven Pillay Iipimage Server Multiple stack-based buffer overflows in src/Task.cc in the FastCGI program in IIPImage Server before 0.9.8 might allow remote attackers to execute arbitrary code via vectors associated with crafted arguments to the (1) RGN::run, (2) JTLS::run, or (3) SHD::run function. | 7.5 |
2009-12-08 | CVE-2009-4229 | Activewebsoftwares | SQL Injection vulnerability in Activewebsoftwares Active Bids Multiple SQL injection vulnerabilities in ActiveWebSoftwares Active Bids allow remote attackers to execute arbitrary SQL commands via (1) the catid parameter in the PATH_INFO to the default URI or (2) the catid parameter to default.asp. | 7.5 |
2009-12-08 | CVE-2009-3586 | Frank Yaul | Numeric Errors vulnerability in Frank Yaul Corehttp 0.5.3.1 Off-by-one error in src/http.c in CoreHTTP 0.5.3.1 and earlier allows remote attackers to cause a denial of service or possibly execute arbitrary code via an HTTP request with a long first line that triggers a buffer overflow. | 7.5 |
2009-12-07 | CVE-2009-4223 | Gianni Tommasi | Code Injection vulnerability in Gianni Tommasi Kr-PHP web Content Server 1.1 PHP remote file inclusion vulnerability in adm/krgourl.php in KR-Web 1.1b2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. | 7.5 |
2009-12-07 | CVE-2009-4222 | Smartisoft | Permissions, Privileges, and Access Controls vulnerability in Smartisoft PHPbazar 2.0.2/2.1.0/2.1.1Fix phpBazar 2.1.1fix and earlier does not require administrative authentication for admin/admin.php, which allows remote attackers to obtain access to the admin control panel via a direct request. | 7.5 |
2009-12-07 | CVE-2009-4221 | Smartisoft | SQL Injection vulnerability in Smartisoft PHPbazar 2.0.2/2.1.0/2.1.1 SQL injection vulnerability in classified.php in phpBazar 2.1.1fix and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter, a different vector than CVE-2008-3767. | 7.5 |
2009-12-07 | CVE-2009-4220 | Raphael Mazoyer | Code Injection vulnerability in Raphael Mazoyer Pointcomma PHP remote file inclusion vulnerability in includes/classes/pctemplate.php in PointComma 3.8b2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pcConfig[smartyPath] parameter. | 7.5 |
2009-12-07 | CVE-2009-4218 | Jiros | SQL Injection vulnerability in Jiros Jbsx Multiple SQL injection vulnerabilities in files/login.asp in JiRo's Banner System eXperience (JBSX) allow remote attackers to execute arbitrary SQL commands via the (1) admin or (2) password field, a related issue to CVE-2007-6091. | 7.5 |
2009-12-07 | CVE-2009-4217 | Joomla Itamar Elharar | SQL Injection vulnerability in Itamar Elharar COM Musicgallery SQL injection vulnerability in the Itamar Elharar MusicGallery (com_musicgallery) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an itempage action to index.php. | 7.5 |
2009-12-07 | CVE-2009-4215 | Microsoft Pandasecurity | Permissions, Privileges, and Access Controls vulnerability in Pandasecurity products Panda Global Protection 2010, Internet Security 2010, and Antivirus Pro 2010 use weak permissions (Everyone: Full Control) for the product files, which allows local users to gain privileges by replacing executables with Trojan horse programs. | 7.2 |
2009-12-10 | CVE-2009-4293 | IIJ | Configuration vulnerability in IIJ products Internet Initiative Japan SEIL/X1, SEIL/X2, and SEIL/B1 firmware 2.30 through 2.51, when NAT is enabled, allows remote attackers to cause a denial of service (system restart) via crafted GRE packets. | 7.1 |
2009-12-10 | CVE-2009-3951 | Microsoft Adobe | Information Exposure vulnerability in Adobe AIR and Flash Player Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 on Windows allows remote attackers to obtain the names of local files via unknown vectors. | 7.1 |
2009-12-08 | CVE-2009-4226 | SUN | Race Condition vulnerability in SUN Opensolaris Race condition in the IP module in the kernel in Sun OpenSolaris snv_106 through snv_124 allows remote attackers to cause a denial of service (NULL pointer dereference and panic) via unspecified vectors related to the (1) tcp_do_getsockname or (2) tcp_do_getpeername function. | 7.1 |
24 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-12-09 | CVE-2009-2508 | Microsoft | Credentials Management vulnerability in Microsoft Windows Server 2003 and Windows Server 2008 The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate attackers to obtain the credentials of a previous user of the same web browser by using data from the browser's cache, aka "Single Sign On Spoofing in ADFS Vulnerability." | 6.9 |
2009-12-08 | CVE-2009-4235 | TIM Hockin | Permissions, Privileges, and Access Controls vulnerability in TIM Hockin Acpid 1.0.4 acpid 1.0.4 sets an unrestrictive umask, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file or cause a denial of service by overwriting this file, a different vulnerability than CVE-2009-4033. | 6.9 |
2009-12-08 | CVE-2009-4033 | TIM Hockin | Permissions, Privileges, and Access Controls vulnerability in TIM Hockin Acpid 1.0.4 A certain Red Hat patch for acpid 1.0.4 effectively triggers a call to the open function with insufficient arguments, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file, cause a denial of service by overwriting this file, or gain privileges by executing this file. | 6.9 |
2009-12-10 | CVE-2009-4264 | Aroundme Barnraiser | Code Injection vulnerability in multiple products PHP remote file inclusion vulnerability in components/core/connect.php in AROUNDMe 1.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the language_path parameter. | 6.8 |
2009-12-09 | CVE-2009-3675 | Microsoft | Resource Management Errors vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote authenticated users to cause a denial of service (CPU consumption) via a malformed ISAKMP request over IPsec, aka "Local Security Authority Subsystem Service Resource Exhaustion Vulnerability." | 6.8 |
2009-12-08 | CVE-2009-4227 | Xfig | Buffer Errors vulnerability in Xfig 3.2.5 Stack-based buffer overflow in the read_1_3_textobject function in f_readold.c in Xfig 3.2.5b and earlier, and in the read_textobject function in read1_3.c in fig2dev in Transfig 3.2.5a and earlier, allows remote attackers to execute arbitrary code via a long string in a malformed .fig file that uses the 1.3 file format. | 6.8 |
2009-12-07 | CVE-2009-4224 | Basic CMS | Improper Input Validation vulnerability in Basic-Cms Sweetrice Multiple PHP remote file inclusion vulnerabilities in SweetRice 0.5.4, 0.5.3, and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root_dir parameter to (1) _plugin/subscriber/inc/post.php and (2) as/lib/news_modify.php. | 6.8 |
2009-12-08 | CVE-2009-2749 | IBM | Cryptographic Issues vulnerability in IBM products Feature Pack for Communications Enabled Applications (CEA) before 1.0.0.1 for IBM WebSphere Application Server 7.0.0.7 uses predictable session values, which allows man-in-the-middle attackers to spoof a collaboration session by guessing the value. | 6.4 |
2009-12-10 | CVE-2009-4254 | Phpee | Information Exposure vulnerability in PHPee Pphlogger 2.2.5 PowerPhlogger 2.2.5 allows remote attackers to obtain sensitive information via a direct request to (1) edCss.inc.php, (2) foot.inc.php, (3) get_csscolors.inc.php, (4) head.inc.php, (5) head_stuff.inc.php, (6) loglist.inc.php, and (7) pphlogger_send.inc.php in include/, which reveals the installation path in an error message. | 5.0 |
2009-12-08 | CVE-2009-4236 | EC Cube | Information Exposure vulnerability in Ec-Cube Ver2 The process function in data/class/pages/admin/customer/LC_Page_Admin_Customer_SearchCustomer.php in EC-CUBE Ver2 2.4.0 RC1 through 2.4.1, and Community Edition r18068 through r18428, allows remote attackers to obtain sensitive information (customer data) via unknown vectors related to sessions. | 5.0 |
2009-12-08 | CVE-2009-4232 | Jonijnm Joomla | Improper Authentication vulnerability in Jonijnm COM Kide 0.4.6 The Kide Shoutbox (com_kide) component 0.4.6 for Joomla! does not properly perform authentication, which allows remote attackers to post messages with an arbitrary account name via an insertar action to index.php. | 5.0 |
2009-12-08 | CVE-2009-2843 | Apple | Cryptographic Issues vulnerability in Apple mac OS X and mac OS X Server Java for Mac OS X 10.5 before Update 6 and 10.6 before Update 1 accepts expired certificates for applets, which makes it easier for remote attackers to execute arbitrary code via an applet. | 5.0 |
2009-12-13 | CVE-2009-4306 | Linux | Denial-Of-Service vulnerability in Linux Kernel Unspecified vulnerability in the EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ext4 filesystem in the Linux kernel 2.6.32-git6 and earlier allows local users to cause a denial of service (filesystem corruption) via unknown vectors, a different vulnerability than CVE-2009-4131. | 4.9 |
2009-12-10 | CVE-2009-4266 | Yabsoft | Cross-Site Scripting vulnerability in Yabsoft Advanced Image Hosting Script 2.2/2.3 Cross-site scripting (XSS) vulnerability in search.php in YABSoft Advanced Image Hosting (AIH) Script 2.2, and possibly 2.3, allows remote attackers to inject arbitrary web script or HTML via the text parameter. | 4.3 |
2009-12-10 | CVE-2009-4255 | Joomla Youjoomla | Cross-Site Scripting vulnerability in Youjoomla You!Hostit! 1.0.1 Cross-site scripting (XSS) vulnerability in the You!Hostit! template 1.0.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the created_by_alias parameter in index.php. | 4.3 |
2009-12-10 | CVE-2009-4253 | Phpee | Cross-Site Scripting vulnerability in PHPee Pphlogger 2.2.5 Cross-site scripting (XSS) vulnerability in dspStats.php in PowerPhlogger 2.2.5 allows remote attackers to inject arbitrary web script or HTML via the edit parameter. | 4.3 |
2009-12-10 | CVE-2009-4252 | Clixint | Cross-Site Scripting vulnerability in Clixint Image Hosting Script DPI 1.1 Cross-site scripting (XSS) vulnerability in images.php in Image Hosting Script DPI 1.1 Final (1.1F) allows remote attackers to inject arbitrary web script or HTML via the date parameter. | 4.3 |
2009-12-10 | CVE-2009-4250 | Cutephp Korn19 | Cross-Site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to register.php; (2) the user parameter to search.php; the (3) cat_msg, (4) source_msg, (5) postponed_selected, (6) unapproved_selected, and (7) news_per_page parameters in a list action to the editnews module of index.php; and (8) the link tag in news comments. | 4.3 |
2009-12-09 | CVE-2009-4239 | IBM | Cross-Site Scripting vulnerability in IBM Infosphere Information Server 8.1 Cross-site scripting (XSS) vulnerability in the Web console in IBM InfoSphere Information Server 8.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-12-09 | CVE-2009-4149 | CA | Cross-Site Scripting vulnerability in CA Service Desk 12.1 Cross-site scripting (XSS) vulnerability in the web interface in CA Service Desk 12.1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter. | 4.3 |
2009-12-08 | CVE-2009-4234 | Micronet | Cross-Site Scripting vulnerability in Micronet Network Access Controller Sp1910 Cross-site scripting (XSS) vulnerability in loginpages/error_user.shtml on the Micronet Network Access Controller SP1910 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | 4.3 |
2009-12-08 | CVE-2009-4233 | Joomla Youjoomla | Cross-Site Scripting vulnerability in Youjoomla YJ Whois 1.0.0/1.5.0 Cross-site scripting (XSS) vulnerability in modules/mod_yj_whois.php in the YJ Whois component 1.0x and 1.5.x for Joomla! allows remote attackers to inject arbitrary web script or HTML via the domain parameter to index.php. | 4.3 |
2009-12-08 | CVE-2009-4228 | Xfig | Resource Management Errors vulnerability in Xfig 3.2.4/3.2.5 Stack consumption vulnerability in u_bound.c in Xfig 3.2.5b and earlier allows remote attackers to cause a denial of service (application crash) via a long string in a malformed .fig file that uses the 1.3 file format, possibly related to the readfp_fig function in f_read.c. | 4.3 |
2009-12-07 | CVE-2009-4214 | Rubyonrails | Cross-Site Scripting vulnerability in Rubyonrails Rails and Ruby ON Rails Cross-site scripting (XSS) vulnerability in the strip_tags function in Ruby on Rails before 2.2.s, and 2.3.x before 2.3.5, allows remote attackers to inject arbitrary web script or HTML via vectors involving non-printing ASCII characters, related to HTML::Tokenizer and actionpack/lib/action_controller/vendor/html-scanner/html/node.rb. | 4.3 |
1 Low Vulnerability
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-12-10 | CVE-2009-4249 | Cutephp | Cross-Site Scripting vulnerability in Cutephp Cutenews 1.4.6 Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) lastusername and (2) mod parameters to index.php; and (3) the title parameter to search.php. | 2.6 |