Weekly Vulnerabilities Reports > December 14 to 20, 2009

Overview

85 new vulnerabilities were reported during this period, including 20 critical vulnerabilities and 15 high severity vulnerabilities. This weekly summary reports vulnerabilities in 59 products from 44 vendors, including Mozilla, IBM, Typo3, Moodle, and Cisco. Notable vulnerability categories include "Cross-site Scripting", "SQL Injection", "Information Exposure", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Permissions, Privileges, and Access Controls".

  • 78 reported vulnerabilities are remotely exploitable.
  • 7 reported vulnerabilities have a public exploit available.
  • 26 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 80 reported vulnerabilities are exploitable by an anonymous user.
  • Mozilla has the most reported vulnerabilities, with 13 reported vulnerabilities.
  • Cisco has the most reported critical vulnerabilities, with 6 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:

20 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-12-18 CVE-2007-2281 HP Numeric Errors vulnerability in HP Openview Storage Data Protector 5.50/6.0

Integer overflow in the _ncp32._NtrpTCPReceiveMsg function in rds.exe in the Cell Manager Database Service in the Application Recovery Manager component in HP OpenView Storage Data Protector 5.50 and 6.0 allows remote attackers to execute arbitrary code via a large value in the size parameter.

10.0
2009-12-18 CVE-2007-2280 HP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openview Storage Data Protector 5.50/6.0

Stack-based buffer overflow in OmniInet.exe (aka the backup client service daemon) in the Application Recovery Manager component in HP OpenView Storage Data Protector 5.50 and 6.0 allows remote attackers to execute arbitrary code via an MSG_PROTOCOL command with long arguments, a different vulnerability than CVE-2009-3844.

10.0
2009-12-16 CVE-2009-4335 IBM Remote Security vulnerability in IBM DB2 9.5

Multiple unspecified vulnerabilities in bundled stored procedures in the Spatial Extender component in IBM DB2 9.5 before FP5 have unknown impact and remote attack vectors, related to "remote exploits."

10.0
2009-12-18 CVE-2009-4356 Nullsoft Numeric Errors vulnerability in Nullsoft Winamp

Multiple integer overflows in the jpeg.w5s and png.w5s filters in Winamp before 5.57 allow remote attackers to execute arbitrary code via malformed (1) JPEG or (2) PNG data in an MP3 file.

9.3
2009-12-18 CVE-2009-3996 Nullsoft, Raphael Assenat Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via an Ultratracker file.

9.3
2009-12-18 CVE-2009-2880 Cisco Buffer Errors vulnerability in Cisco Webex 26.00/27.00

Buffer overflow in atrpui.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x before 27.10.x for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WebEx Recording Format (WRF) file.

9.3
2009-12-18 CVE-2009-2879 Cisco Buffer Errors vulnerability in Cisco Webex 26.00/27.00

Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2876 and CVE-2009-2878.

9.3
2009-12-18 CVE-2009-2878 Cisco Buffer Errors vulnerability in Cisco Webex 26.00/27.00

Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2876 and CVE-2009-2879.

9.3
2009-12-18 CVE-2009-2877 Cisco Buffer Errors vulnerability in Cisco Webex 26.00/27.00

Stack-based buffer overflow in ataudio.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file.

9.3
2009-12-18 CVE-2009-2876 Cisco Buffer Errors vulnerability in Cisco Webex 26.00/27.00

Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2878 and CVE-2009-2879.

9.3
2009-12-18 CVE-2009-2875 Cisco Buffer Errors vulnerability in Cisco Webex 26.00/27.00

Buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x before 27.10.x for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WebEx Recording Format (WRF) file.

9.3
2009-12-18 CVE-2009-3997 Nullsoft Numeric Errors vulnerability in Nullsoft Winamp

Integer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57 might allow remote attackers to execute arbitrary code via an Oktalyzer file that triggers a heap-based buffer overflow.

9.3
2009-12-18 CVE-2009-3995 Nullsoft, Raphael Assenat Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file.

9.3
2009-12-17 CVE-2009-3982 Mozilla JavaScript Engine Multiple Remote Memory Corruption vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

9.3
2009-12-17 CVE-2009-3981 Mozilla Remote Memory Corruption vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

9.3
2009-12-17 CVE-2009-3980 Mozilla Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

9.3
2009-12-17 CVE-2009-3979 Mozilla Remote Memory Corruption vulnerability in Mozilla Firefox

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

9.3
2009-12-17 CVE-2009-3389 Mozilla Numeric Errors vulnerability in Mozilla Firefox and Seamonkey

Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions.

9.3
2009-12-17 CVE-2009-3388 Mozilla Resource Management Errors vulnerability in Mozilla Firefox and Seamonkey

liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 might allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to "memory safety issues."

9.3
2009-12-15 CVE-2009-4324 Adobe Resource Management Errors vulnerability in Adobe Acrobat and Acrobat Reader

Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.

9.3

15 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-12-17 CVE-2009-3987 Mozilla Information Exposure vulnerability in Mozilla Firefox and Seamonkey

The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote attackers to obtain potentially sensitive information about installed software by making multiple calls that specify the ProgID values of different COM objects.

7.8
2009-12-17 CVE-2009-3986 Mozilla Code Injection vulnerability in Mozilla Firefox and Seamonkey

Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property.

7.6
2009-12-20 CVE-2009-4360 Handcoders, Xoops SQL Injection vulnerability in Handcoders Content Module 0.5

SQL injection vulnerability in modules/content/index.php in the Content module 0.5 for XOOPS allows remote attackers to inject arbitrary web script or HTML via the id parameter.

7.5
2009-12-18 CVE-2009-3703 Fahlstad, Wordpress SQL Injection vulnerability in Fahlstad Wp-Forum

Multiple SQL injection vulnerabilities in the WP-Forum plugin before 2.4 for WordPress allow remote attackers to execute arbitrary SQL commands via (1) the search_max parameter in a search action to the default URI, related to wpf.class.php; (2) the forum parameter to an unspecified component, related to wpf.class.php; (3) the topic parameter in a viewforum action to the default URI, related to the remove_topic function in wpf.class.php; or the id parameter in a (4) editpost or (5) viewtopic action to the default URI, related to wpf-post.php.

7.5
2009-12-17 CVE-2009-4350 Boldfx SQL Injection vulnerability in Boldfx Arctic Issue Tracker 2.1.1

SQL injection vulnerability in index.php in Arctic Issue Tracker 2.1.1 allows remote attackers to execute arbitrary SQL commands via the (1) matchings[id] or (2) matchings[title] parameters in a Login action to an unspecified program, or (3) the matchings[id] parameter in a search action to index.php, a different vector than CVE-2008-3250.

7.5
2009-12-17 CVE-2009-4342 Melvin Mach, Typo3 SQL Injection vulnerability in Melvin Mach Jobexchange 0.0.3

SQL injection vulnerability in the Job Exchange (jobexchange) extension 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

7.5
2009-12-17 CVE-2009-4341 Mischa Heissmann, Typo3 SQL Injection vulnerability in Mischa Heissmann NO Indexed Search 0.2.0

SQL injection vulnerability in the No indexed Search (no_indexed_search) extension 0.2.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

7.5
2009-12-17 CVE-2009-4339 Stephan Vits, Typo3 SQL Injection vulnerability in Stephan Vits MF Subscription 0.2.2

SQL injection vulnerability in the Subscription (mf_subscription) extension 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

7.5
2009-12-17 CVE-2009-4338 Typo3, Jean David Gadina SQL Injection vulnerability in Jean-David Gadina Slideshow 0.2.2

SQL injection vulnerability in the Flash SlideShow (slideshow) extension 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

7.5
2009-12-17 CVE-2009-4337 Simon Rundell, Typo3 SQL Injection vulnerability in Simon Rundell PD Calendar Today 0.0.3

SQL injection vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors, a different issue than CVE-2008-6691.

7.5
2009-12-16 CVE-2009-4333 IBM Information Exposure vulnerability in IBM DB2 9.5

The Relational Data Services component in IBM DB2 9.5 before FP5 allows attackers to obtain the password argument from the SET ENCRYPTION PASSWORD statement via vectors involving the GET SNAPSHOT FOR DYNAMIC SQL command.

7.5
2009-12-16 CVE-2009-4304 Moodle Credentials Management vulnerability in Moodle

Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not use a random password salt in config.php, which makes it easier for attackers to conduct brute-force password guessing attacks.

7.5
2009-12-14 CVE-2009-4323 ZEN Cart Information Disclosure vulnerability in Zen Cart

The installation for Zen Cart stores sensitive information and insecure programs under the (1) docs, (2) extras, and (3) zc_install folders, and (4) install.txt, which allows remote attackers to obtain sensitive information, delete the database, and conduct other attacks via a direct request, different vulnerabilities than CVE-2009-4321 and CVE-2009-4322.

7.5
2009-12-16 CVE-2009-4331 IBM Permissions, Privileges, and Access Controls vulnerability in IBM DB2 9.5/9.7

The Install component in IBM DB2 9.5 before FP5 and 9.7 before FP1 configures the High Availability (HA) scripts with incorrect file-permission and authorization settings, which has unknown impact and local attack vectors.

7.2
2009-12-16 CVE-2009-4330 IBM Local Security vulnerability in IBM DB2 9.5

Unspecified vulnerability in db2licm in the Engine Utilities component in IBM DB2 9.5 before FP5 has unknown impact and local attack vectors.

7.2

49 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-12-17 CVE-2009-4351 Wscreator SQL Injection vulnerability in Wscreator 1.1

SQL injection vulnerability in ADMIN/loginaction.php in WSCreator 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the Email (aka username) parameter.

6.8
2009-12-17 CVE-2009-4349 Phpwebscripts Cross-Site Request Forgery (CSRF) vulnerability in PHPwebscripts Link UP Gold 5.0

Cross-site request forgery (CSRF) vulnerability in administration/administrators.php in Link Up Gold 5.0 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.

6.8
2009-12-17 CVE-2009-3985 Mozilla Multiple vulnerability in RETIRED: Mozilla Firefox and SeaMonkey MFSA 2009-65 through -71

Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654.

6.8
2009-12-17 CVE-2009-3984 Mozilla Multiple vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body.

6.8
2009-12-17 CVE-2009-3983 Mozilla Multiple vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user.

6.8
2009-12-16 CVE-2009-4297 Moodle Cross-Site Request Forgery (CSRF) vulnerability in Moodle

Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6.8
2009-12-14 CVE-2009-4319 Eocms Code Injection vulnerability in Eocms

PHP remote file inclusion vulnerability in js/bbcodepress/bbcode-form.php in eoCMS 0.9.03 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the BBCODE_path parameter.

6.8
2009-12-14 CVE-2009-4315 Nuggetz Path Traversal vulnerability in Nuggetz CMS 1.0

Directory traversal vulnerability in admin/ajaxsave.php in Nuggetz CMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to create or modify arbitrary files via a ..

6.8
2009-12-16 CVE-2009-4305 Moodle SQL Injection vulnerability in Moodle

SQL injection vulnerability in the SCORM module in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allows remote authenticated users to execute arbitrary SQL commands via vectors related to an "escaping issue when processing AICC CRS file (Course_Title)."

6.5
2009-12-15 CVE-2009-4136 Postgresql Local Privilege Escalation vulnerability in PostgreSQL Index Function Session State Modification

PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain privileges via a table with crafted index functions, as demonstrated by functions that modify (1) search_path or (2) a prepared statement, a related issue to CVE-2007-6600 and CVE-2009-3230.

6.5
2009-12-16 CVE-2009-4325 IBM Improper Input Validation vulnerability in IBM DB2

The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not validate an unspecified pointer, which allows attackers to overwrite "external memory" via unknown vectors, related to a missing "check for null pointers."

6.4
2009-12-16 CVE-2009-4301 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7, when MNET services are enabled, does not properly check permissions, which allows remote authenticated servers to execute arbitrary MNET functions.

6.0
2009-12-17 CVE-2009-4354 Transware Credentials Management vulnerability in Transware Active! Mail 1.422/2.0

TransWARE Active! mail 2003 build 2003.0139.0871 and earlier does not properly secure the session ID in a session cookie, which allows remote attackers to hijack web sessions, probably related to the "secure" flag for cookies in SSL sessions.

5.8
2009-12-17 CVE-2009-4353 Transware Remote Security vulnerability in Active! Mail

The Mobile Edition of TransWARE Active! mail 2003 build 2003.0139.0871 and earlier, and possibly other versions before 2003.0139.0911, does not remove the session ID in a Referer URL, which allows remote attackers to hijack web sessions via vectors such as an email with an embedded URL.

5.8
2009-12-15 CVE-2009-4034 Postgresql Cryptographic Issues vulnerability in Postgresql

PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based PostgreSQL servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended client-hostname restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

5.8
2009-12-14 CVE-2009-4130 Mozilla Unspecified vulnerability in Mozilla Firefox

Visual truncation vulnerability in the MakeScriptDialogTitle function in nsGlobalWindow.cpp in Mozilla Firefox allows remote attackers to spoof the origin domain name of a script via a long name.

5.8
2009-12-14 CVE-2009-4129 Mozilla Race Condition vulnerability in Mozilla Firefox

Race condition in Mozilla Firefox allows remote attackers to produce a JavaScript message with a spoofed domain association by writing the message in between the document request and document load for a web page in a different domain.

5.8
2009-12-18 CVE-2009-4357 IBM Information Exposure vulnerability in IBM Rational Clearcase and Rational Clearquest

CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login, which might allow attackers to discover the passwords for user accounts via unspecified vectors.

5.0
2009-12-16 CVE-2009-4332 IBM Denial-Of-Service vulnerability in DB2 9.1/9.5/9.7

db2pd in the Problem Determination component in IBM DB2 9.1 before FP7 and 9.5 before FP5 allows attackers to cause a denial of service (NULL pointer dereference and application termination) via unspecified vectors.

5.0
2009-12-16 CVE-2009-4327 IBM Improper Input Validation vulnerability in IBM DB2 9.5/9.7

The Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1 does not properly validate the size of a memory pool during a creation attempt, which allows attackers to cause a denial of service (memory consumption) via unspecified vectors.

5.0
2009-12-16 CVE-2009-4303 Moodle Information Exposure vulnerability in Moodle

Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores (1) password hashes and (2) unspecified "secrets" in backup files, which might allow attackers to obtain sensitive information.

5.0
2009-12-16 CVE-2009-4302 Moodle Cryptographic Issues vulnerability in Moodle

login/index_form.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 links to an index page on the HTTP port even when the page is served from an HTTPS port, which might cause login credentials to be sent in cleartext, even when SSL is intended, and allows remote attackers to obtain these credentials by sniffing.

5.0
2009-12-16 CVE-2009-4300 Moodle Information Exposure vulnerability in Moodle

Multiple unspecified authentication plugins in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 store the MD5 hashes for passwords in the user table, even when the cached hashes are not used by the plugin, which might make it easier for attackers to obtain credentials via unspecified vectors.

5.0
2009-12-16 CVE-2009-4299 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

mod/glossary/showentry.php in the Glossary module for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not properly perform access control, which allows attackers to read unauthorized Glossary entries via unknown vectors.

5.0
2009-12-16 CVE-2009-4298 Moodle Information Exposure vulnerability in Moodle

The LAMS module (mod/lams) for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores the (1) username, (2) firstname, and (3) lastname fields within the user table, which allows attackers to obtain user account information via unknown vectors.

5.0
2009-12-14 CVE-2009-4322 ZEN Cart Information Exposure vulnerability in Zen-Cart ZEN Cart

extras/ipn_test_return.php in Zen Cart allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.

5.0
2009-12-14 CVE-2009-4321 ZEN Cart Improper Input Validation vulnerability in Zen-Cart ZEN Cart 1.3.8/1.3.8A

extras/curltest.php in Zen Cart 1.3.8 and 1.3.8a, and possibly other versions, allows remote attackers to read arbitrary files via a file:// URI.

5.0
2009-12-20 CVE-2009-4358 Freebsd Permissions, Privileges, and Access Controls vulnerability in Freebsd

freebsd-update in FreeBSD 8.0, 7.2, 7.1, 6.4, and 6.3 uses insecure permissions in its working directory (/var/db/freebsd-update by default), which allows local users to read copies of sensitive files after a (1) freebsd-update fetch (fetch) or (2) freebsd-update upgrade (upgrade) operation.

4.7
2009-12-16 CVE-2009-4334 IBM Permissions, Privileges, and Access Controls vulnerability in IBM DB2 9.1/9.5/9.7

The Self Tuning Memory Manager (STMM) component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 uses 0666 permissions for the STMM log file, which allows local users to cause a denial of service or have unspecified other impact by writing to this file.

4.6
2009-12-20 CVE-2009-4029 GNU Race Condition vulnerability in GNU Automake 1.10.3/1.11.1/Branch

The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.

4.4
2009-12-14 CVE-2009-4314 SUN Permissions, Privileges, and Access Controls vulnerability in SUN RAY Server Software 4.1

Sun Ray Server Software 4.1 on Solaris 10, when Automatic Multi-Group Hotdesking (AMGH) is enabled, responds to a logout action by immediately logging the user in again, which makes it easier for physically proximate attackers to obtain access to a session by going to an unattended DTU device.

4.4
2009-12-20 CVE-2009-4359 Marc Andre Lanciault, Xoops Cross-Site Scripting vulnerability in Marc-Andre Lanciault Smartmedia 0.85

Cross-site scripting (XSS) vulnerability in folder.php in the SmartMedia 0.85 Beta module for XOOPS allows remote attackers to inject arbitrary web script or HTML via the categoryid parameter.

4.3
2009-12-17 CVE-2009-4352 Transware Cross-Site Scripting vulnerability in Transware Active Mail 2003

Multiple cross-site scripting (XSS) vulnerabilities in TransWARE Active! mail 2003 build 2003.0139.0871 and earlier, and possibly other versions before 2003.0139.0939, allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Cc, and (4) Bcc parameters.

4.3
2009-12-17 CVE-2009-4348 Haroldbakker Cross-Site Scripting vulnerability in Haroldbakker Hb-Ns 1.3

Cross-site scripting (XSS) vulnerability in index.php in Harold Bakker's NewsScript (HB-NS) 1.3 allows remote attackers to inject arbitrary web script or HTML via the topic parameter in a topic action, a different vector than CVE-2006-2146.

4.3
2009-12-17 CVE-2009-4347 Liran TAL Cross-Site Scripting vulnerability in Liran TAL Daloradius

Cross-site scripting (XSS) vulnerability in daloradius-users/login.php in daloRADIUS 0.9-8 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter.

4.3
2009-12-17 CVE-2009-4346 Toni Milovan, Typo3 Cross-Site Scripting vulnerability in Toni Milovan FE Rtenews 1.4.1

Cross-site scripting (XSS) vulnerability in the Frontend news submitter with RTE (fe_rtenews) extension 1.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-12-17 CVE-2009-4345 Jonas Renggli, Typo3 Cross-Site Scripting vulnerability in Jonas Renggli Vshoutbox 0.0.1

Cross-site scripting (XSS) vulnerability in the vShoutbox (vshoutbox) extension 0.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-12-17 CVE-2009-4344 Tobias Sommer, Typo3 Cross-Site Scripting vulnerability in Tobias Sommer ZID Linklist 1.0.0

Cross-site scripting (XSS) vulnerability in the ZID Linkliste (zid_linklist) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-12-17 CVE-2009-4343 Dominic Eckart, Typo3 Cross-Site Scripting vulnerability in Dominic Eckart Trainincdb 0.4.7

Cross-site scripting (XSS) vulnerability in the Training Company Database (trainincdb) extension 0.4.7 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-12-17 CVE-2009-4340 Mischa Heissmann, Typo3 Cross-Site Scripting vulnerability in Mischa Heissmann NO Indexed Search 0.2.0

Cross-site scripting (XSS) vulnerability in the No indexed Search (no_indexed_search) extension 0.2.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-12-17 CVE-2009-4336 Simon Rundell, Typo3 Cross-Site Scripting vulnerability in Simon Rundell PD Calendar Today 0.0.3

Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-12-16 CVE-2009-4326 IBM Information Exposure vulnerability in IBM DB2 9.5/9.7

The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Database Partitioning Feature (DPF) is used, produces "repeating" return values, which might allow attackers to defeat protection mechanisms based on randomization by predicting a value.

4.3
2009-12-16 CVE-2009-3731 Webworks, Vmware, Microsoft Cross-Site Scripting vulnerability in multiple products

Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x through 9.3, 2008.1 through 2008.4, and 2009.x before 2009.3 allow remote attackers to inject arbitrary web script or HTML via (1) wwhelp_entry.html, reachable through index.html and wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, or (5) the window.opener component in wwhelp/wwhimpl/common/html/bookmark.htm, related to (a) unspecified parameters and (b) messages used in topic links for the bookmarking functionality.

4.3
2009-12-14 CVE-2009-4320 Lythgoes Cross-Site Scripting vulnerability in Lythgoes the Next Generation of Genealogy Sitebuilding 7.1.2

Cross-site scripting (XSS) vulnerability in searchform.php in The Next Generation of Genealogy Sitebuilding (TNG) 7.1.2 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

4.3
2009-12-14 CVE-2009-4318 Realestatephp Cross-Site Scripting vulnerability in Realestatephp Real Estate Manager 1.0.1

Cross-site scripting (XSS) vulnerability in index.php in Real Estate Manager 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

4.3
2009-12-14 CVE-2009-4317 Scriptsez Cross-Site Scripting vulnerability in Scriptsez EZ Cart

Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Cart allows remote attackers to inject arbitrary web script or HTML via the sid parameter in a showcat action.

4.3
2009-12-14 CVE-2009-4316 Zeeways Cross-Site Scripting vulnerability in Zeeways Zeelyrics 3X

Cross-site scripting (XSS) vulnerability in searchresults_main.php in ZeeLyrics 3x allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.

4.3
2009-12-16 CVE-2009-4329 IBM Denial-Of-Service vulnerability in IBM DB2 9.5

Unspecified vulnerability in the Engine Utilities component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (segmentation fault) by modifying the db2ra data stream sent in a request from the Load Utility.

4.0
2009-12-16 CVE-2009-4328 IBM Denial-Of-Service vulnerability in IBM DB2 9.5

Unspecified vulnerability in the DRDA Services component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (server trap) by calling a SQL stored procedure in unknown circumstances.

4.0

1 Low Vulnerability

DATE CVE VENDOR VULNERABILITY CVSS
2009-12-15 CVE-2009-3554 Redhat Information Exposure vulnerability in Redhat Jboss Enterprise Application Platform 4.2/4.2.0/4.2.2

Twiddle in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 writes the JMX password, and other command-line arguments, to the twiddle.log file, which allows local users to obtain sensitive information by reading this file.

2.1