Weekly Vulnerabilities Reports > December 14 to 20, 2009
Overview
85 new vulnerabilities were reported during this period, including 20 critical vulnerabilities and 15 high severity vulnerabilities. This weekly summary reports vulnerabilities in 59 products from 44 vendors including Mozilla, IBM, Typo3, Moodle, and Cisco. Notable vulnerability categories include "Cross-site Scripting", "SQL Injection", "Information Exposure", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Permissions, Privileges, and Access Controls".
- 78 reported vulnerabilities are remotely exploitable.
- 7 reported vulnerabilities have a public exploit available.
- 26 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 80 reported vulnerabilities are exploitable by an anonymous user.
- Mozilla has the most reported vulnerabilities, with 13 reported vulnerabilities.
- Cisco has the most reported critical vulnerabilities, with 6 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
20 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-12-18 | CVE-2007-2281 | HP | Numeric Errors vulnerability in HP Openview Storage Data Protector 5.50/6.0 Integer overflow in the _ncp32._NtrpTCPReceiveMsg function in rds.exe in the Cell Manager Database Service in the Application Recovery Manager component in HP OpenView Storage Data Protector 5.50 and 6.0 allows remote attackers to execute arbitrary code via a large value in the size parameter. | 10.0 |
2009-12-18 | CVE-2007-2280 | HP | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openview Storage Data Protector 5.50/6.0 Stack-based buffer overflow in OmniInet.exe (aka the backup client service daemon) in the Application Recovery Manager component in HP OpenView Storage Data Protector 5.50 and 6.0 allows remote attackers to execute arbitrary code via an MSG_PROTOCOL command with long arguments, a different vulnerability than CVE-2009-3844. | 10.0 |
2009-12-16 | CVE-2009-4335 | IBM | Remote Security vulnerability in IBM DB2 9.5 Multiple unspecified vulnerabilities in bundled stored procedures in the Spatial Extender component in IBM DB2 9.5 before FP5 have unknown impact and remote attack vectors, related to "remote exploits." | 10.0 |
2009-12-18 | CVE-2009-4356 | Nullsoft | Numeric Errors vulnerability in Nullsoft Winamp Multiple integer overflows in the jpeg.w5s and png.w5s filters in Winamp before 5.57 allow remote attackers to execute arbitrary code via malformed (1) JPEG or (2) PNG data in an MP3 file. | 9.3 |
2009-12-18 | CVE-2009-3996 | Nullsoft Raphael Assenat | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via an Ultratracker file. | 9.3 |
2009-12-18 | CVE-2009-2880 | Cisco | Buffer Errors vulnerability in Cisco Webex 26.00/27.00 Buffer overflow in atrpui.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x before 27.10.x for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WebEx Recording Format (WRF) file. | 9.3 |
2009-12-18 | CVE-2009-2879 | Cisco | Buffer Errors vulnerability in Cisco Webex 26.00/27.00 Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2876 and CVE-2009-2878. | 9.3 |
2009-12-18 | CVE-2009-2878 | Cisco | Buffer Errors vulnerability in Cisco Webex 26.00/27.00 Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2876 and CVE-2009-2879. | 9.3 |
2009-12-18 | CVE-2009-2877 | Cisco | Buffer Errors vulnerability in Cisco Webex 26.00/27.00 Stack-based buffer overflow in ataudio.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file. | 9.3 |
2009-12-18 | CVE-2009-2876 | Cisco | Buffer Errors vulnerability in Cisco Webex 26.00/27.00 Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2878 and CVE-2009-2879. | 9.3 |
2009-12-18 | CVE-2009-2875 | Cisco | Buffer Errors vulnerability in Cisco Webex 26.00/27.00 Buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x before 27.10.x for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WebEx Recording Format (WRF) file. | 9.3 |
2009-12-18 | CVE-2009-3997 | Nullsoft | Numeric Errors vulnerability in Nullsoft Winamp Integer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57 might allow remote attackers to execute arbitrary code via an Oktalyzer file that triggers a heap-based buffer overflow. | 9.3 |
2009-12-18 | CVE-2009-3995 | Nullsoft Raphael Assenat | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file. | 9.3 |
2009-12-17 | CVE-2009-3982 | Mozilla | JavaScript Engine Multiple Remote Memory Corruption vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 9.3 |
2009-12-17 | CVE-2009-3981 | Mozilla | Remote Memory Corruption vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 9.3 |
2009-12-17 | CVE-2009-3980 | Mozilla | Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 9.3 |
2009-12-17 | CVE-2009-3979 | Mozilla | Remote Memory Corruption vulnerability in Mozilla Firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 9.3 |
2009-12-17 | CVE-2009-3389 | Mozilla | Numeric Errors vulnerability in Mozilla Firefox and Seamonkey Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions. | 9.3 |
2009-12-17 | CVE-2009-3388 | Mozilla | Resource Management Errors vulnerability in Mozilla Firefox and Seamonkey liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 might allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to "memory safety issues." | 9.3 |
2009-12-15 | CVE-2009-4324 | Adobe | Resource Management Errors vulnerability in Adobe Acrobat and Acrobat Reader Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009. | 9.3 |
15 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-12-17 | CVE-2009-3987 | Mozilla | Information Exposure vulnerability in Mozilla Firefox and Seamonkey The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote attackers to obtain potentially sensitive information about installed software by making multiple calls that specify the ProgID values of different COM objects. | 7.8 |
2009-12-17 | CVE-2009-3986 | Mozilla | Code Injection vulnerability in Mozilla Firefox and Seamonkey Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property. | 7.6 |
2009-12-20 | CVE-2009-4360 | Handcoders Xoops | SQL Injection vulnerability in Handcoders Content Module 0.5 SQL injection vulnerability in modules/content/index.php in the Content module 0.5 for XOOPS allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 7.5 |
2009-12-18 | CVE-2009-3703 | Fahlstad Wordpress | SQL Injection vulnerability in Fahlstad Wp-Forum Multiple SQL injection vulnerabilities in the WP-Forum plugin before 2.4 for WordPress allow remote attackers to execute arbitrary SQL commands via (1) the search_max parameter in a search action to the default URI, related to wpf.class.php; (2) the forum parameter to an unspecified component, related to wpf.class.php; (3) the topic parameter in a viewforum action to the default URI, related to the remove_topic function in wpf.class.php; or the id parameter in a (4) editpost or (5) viewtopic action to the default URI, related to wpf-post.php. | 7.5 |
2009-12-17 | CVE-2009-4350 | Boldfx | SQL Injection vulnerability in Boldfx Arctic Issue Tracker 2.1.1 SQL injection vulnerability in index.php in Arctic Issue Tracker 2.1.1 allows remote attackers to execute arbitrary SQL commands via the (1) matchings[id] or (2) matchings[title] parameters in a Login action to an unspecified program, or (3) the matchings[id] parameter in a search action to index.php, a different vector than CVE-2008-3250. | 7.5 |
2009-12-17 | CVE-2009-4342 | Melvin Mach Typo3 | SQL Injection vulnerability in Melvin Mach Jobexchange 0.0.3 SQL injection vulnerability in the Job Exchange (jobexchange) extension 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | 7.5 |
2009-12-17 | CVE-2009-4341 | Mischa Heissmann Typo3 | SQL Injection vulnerability in Mischa Heissmann NO Indexed Search 0.2.0 SQL injection vulnerability in the No indexed Search (no_indexed_search) extension 0.2.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | 7.5 |
2009-12-17 | CVE-2009-4339 | Stephan Vits Typo3 | SQL Injection vulnerability in Stephan Vits MF Subscription 0.2.2 SQL injection vulnerability in the Subscription (mf_subscription) extension 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | 7.5 |
2009-12-17 | CVE-2009-4338 | Typo3 Jean David Gadina | SQL Injection vulnerability in Jean-David Gadina Slideshow 0.2.2 SQL injection vulnerability in the Flash SlideShow (slideshow) extension 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | 7.5 |
2009-12-17 | CVE-2009-4337 | Simon Rundell Typo3 | SQL Injection vulnerability in Simon Rundell PD Calendar Today 0.0.3 SQL injection vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors, a different issue than CVE-2008-6691. | 7.5 |
2009-12-16 | CVE-2009-4333 | IBM | Information Exposure vulnerability in IBM DB2 9.5 The Relational Data Services component in IBM DB2 9.5 before FP5 allows attackers to obtain the password argument from the SET ENCRYPTION PASSWORD statement via vectors involving the GET SNAPSHOT FOR DYNAMIC SQL command. | 7.5 |
2009-12-16 | CVE-2009-4304 | Moodle | Credentials Management vulnerability in Moodle Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not use a random password salt in config.php, which makes it easier for attackers to conduct brute-force password guessing attacks. | 7.5 |
2009-12-14 | CVE-2009-4323 | ZEN Cart | Information Disclosure vulnerability in Zen Cart The installation for Zen Cart stores sensitive information and insecure programs under the (1) docs, (2) extras, and (3) zc_install folders, and (4) install.txt, which allows remote attackers to obtain sensitive information, delete the database, and conduct other attacks via a direct request, different vulnerabilities than CVE-2009-4321 and CVE-2009-4322. | 7.5 |
2009-12-16 | CVE-2009-4331 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 9.5/9.7 The Install component in IBM DB2 9.5 before FP5 and 9.7 before FP1 configures the High Availability (HA) scripts with incorrect file-permission and authorization settings, which has unknown impact and local attack vectors. | 7.2 |
2009-12-16 | CVE-2009-4330 | IBM | Local Security vulnerability in IBM DB2 9.5 Unspecified vulnerability in db2licm in the Engine Utilities component in IBM DB2 9.5 before FP5 has unknown impact and local attack vectors. | 7.2 |
49 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-12-17 | CVE-2009-4351 | Wscreator | SQL Injection vulnerability in Wscreator 1.1 SQL injection vulnerability in ADMIN/loginaction.php in WSCreator 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the Email (aka username) parameter. | 6.8 |
2009-12-17 | CVE-2009-4349 | Phpwebscripts | Cross-Site Request Forgery (CSRF) vulnerability in PHPwebscripts Link UP Gold 5.0 Cross-site request forgery (CSRF) vulnerability in administration/administrators.php in Link Up Gold 5.0 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts. | 6.8 |
2009-12-17 | CVE-2009-3985 | Mozilla | Multiple vulnerability in RETIRED: Mozilla Firefox and SeaMonkey MFSA 2009-65 through -71 Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654. | 6.8 |
2009-12-17 | CVE-2009-3984 | Mozilla | Multiple vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body. | 6.8 |
2009-12-17 | CVE-2009-3983 | Mozilla | Multiple vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user. | 6.8 |
2009-12-16 | CVE-2009-4297 | Moodle | Cross-Site Request Forgery (CSRF) vulnerability in Moodle Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |
2009-12-14 | CVE-2009-4319 | Eocms | Code Injection vulnerability in Eocms PHP remote file inclusion vulnerability in js/bbcodepress/bbcode-form.php in eoCMS 0.9.03 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the BBCODE_path parameter. | 6.8 |
2009-12-14 | CVE-2009-4315 | Nuggetz | Path Traversal vulnerability in Nuggetz CMS 1.0 Directory traversal vulnerability in admin/ajaxsave.php in Nuggetz CMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to create or modify arbitrary files via a .. | 6.8 |
2009-12-16 | CVE-2009-4305 | Moodle | SQL Injection vulnerability in Moodle SQL injection vulnerability in the SCORM module in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allows remote authenticated users to execute arbitrary SQL commands via vectors related to an "escaping issue when processing AICC CRS file (Course_Title)." | 6.5 |
2009-12-15 | CVE-2009-4136 | Postgresql | Local Privilege Escalation vulnerability in PostgreSQL Index Function Session State Modification PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain privileges via a table with crafted index functions, as demonstrated by functions that modify (1) search_path or (2) a prepared statement, a related issue to CVE-2007-6600 and CVE-2009-3230. | 6.5 |
2009-12-16 | CVE-2009-4325 | IBM | Improper Input Validation vulnerability in IBM DB2 The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not validate an unspecified pointer, which allows attackers to overwrite "external memory" via unknown vectors, related to a missing "check for null pointers." | 6.4 |
2009-12-16 | CVE-2009-4301 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7, when MNET services are enabled, does not properly check permissions, which allows remote authenticated servers to execute arbitrary MNET functions. | 6.0 |
2009-12-17 | CVE-2009-4354 | Transware | Credentials Management vulnerability in Transware Active! Mail 1.422/2.0 TransWARE Active! mail 2003 build 2003.0139.0871 and earlier does not properly secure the session ID in a session cookie, which allows remote attackers to hijack web sessions, probably related to the "secure" flag for cookies in SSL sessions. | 5.8 |
2009-12-17 | CVE-2009-4353 | Transware | Remote Security vulnerability in Active! Mail The Mobile Edition of TransWARE Active! mail 2003 build 2003.0139.0871 and earlier, and possibly other versions before 2003.0139.0911, does not remove the session ID in a Referer URL, which allows remote attackers to hijack web sessions via vectors such as an email with an embedded URL. | 5.8 |
2009-12-15 | CVE-2009-4034 | Postgresql | Cryptographic Issues vulnerability in Postgresql PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based PostgreSQL servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended client-hostname restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | 5.8 |
2009-12-14 | CVE-2009-4130 | Mozilla | Unspecified vulnerability in Mozilla Firefox Visual truncation vulnerability in the MakeScriptDialogTitle function in nsGlobalWindow.cpp in Mozilla Firefox allows remote attackers to spoof the origin domain name of a script via a long name. | 5.8 |
2009-12-14 | CVE-2009-4129 | Mozilla | Race Condition vulnerability in Mozilla Firefox Race condition in Mozilla Firefox allows remote attackers to produce a JavaScript message with a spoofed domain association by writing the message in between the document request and document load for a web page in a different domain. | 5.8 |
2009-12-18 | CVE-2009-4357 | IBM | Information Exposure vulnerability in IBM Rational Clearcase and Rational Clearquest CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login, which might allow attackers to discover the passwords for user accounts via unspecified vectors. | 5.0 |
2009-12-16 | CVE-2009-4332 | IBM | Denial-Of-Service vulnerability in DB2 9.1/9.5/9.7 db2pd in the Problem Determination component in IBM DB2 9.1 before FP7 and 9.5 before FP5 allows attackers to cause a denial of service (NULL pointer dereference and application termination) via unspecified vectors. | 5.0 |
2009-12-16 | CVE-2009-4327 | IBM | Improper Input Validation vulnerability in IBM DB2 9.5/9.7 The Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1 does not properly validate the size of a memory pool during a creation attempt, which allows attackers to cause a denial of service (memory consumption) via unspecified vectors. | 5.0 |
2009-12-16 | CVE-2009-4303 | Moodle | Information Exposure vulnerability in Moodle Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores (1) password hashes and (2) unspecified "secrets" in backup files, which might allow attackers to obtain sensitive information. | 5.0 |
2009-12-16 | CVE-2009-4302 | Moodle | Cryptographic Issues vulnerability in Moodle login/index_form.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 links to an index page on the HTTP port even when the page is served from an HTTPS port, which might cause login credentials to be sent in cleartext, even when SSL is intended, and allows remote attackers to obtain these credentials by sniffing. | 5.0 |
2009-12-16 | CVE-2009-4300 | Moodle | Information Exposure vulnerability in Moodle Multiple unspecified authentication plugins in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 store the MD5 hashes for passwords in the user table, even when the cached hashes are not used by the plugin, which might make it easier for attackers to obtain credentials via unspecified vectors. | 5.0 |
2009-12-16 | CVE-2009-4299 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle mod/glossary/showentry.php in the Glossary module for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not properly perform access control, which allows attackers to read unauthorized Glossary entries via unknown vectors. | 5.0 |
2009-12-16 | CVE-2009-4298 | Moodle | Information Exposure vulnerability in Moodle The LAMS module (mod/lams) for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores the (1) username, (2) firstname, and (3) lastname fields within the user table, which allows attackers to obtain user account information via unknown vectors. | 5.0 |
2009-12-14 | CVE-2009-4322 | ZEN Cart | Information Exposure vulnerability in Zen-Cart ZEN Cart extras/ipn_test_return.php in Zen Cart allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message. | 5.0 |
2009-12-14 | CVE-2009-4321 | ZEN Cart | Improper Input Validation vulnerability in Zen-Cart ZEN Cart 1.3.8/1.3.8A extras/curltest.php in Zen Cart 1.3.8 and 1.3.8a, and possibly other versions, allows remote attackers to read arbitrary files via a file:// URI. | 5.0 |
2009-12-20 | CVE-2009-4358 | Freebsd | Permissions, Privileges, and Access Controls vulnerability in Freebsd freebsd-update in FreeBSD 8.0, 7.2, 7.1, 6.4, and 6.3 uses insecure permissions in its working directory (/var/db/freebsd-update by default), which allows local users to read copies of sensitive files after a (1) freebsd-update fetch (fetch) or (2) freebsd-update upgrade (upgrade) operation. | 4.7 |
2009-12-16 | CVE-2009-4334 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 9.1/9.5/9.7 The Self Tuning Memory Manager (STMM) component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 uses 0666 permissions for the STMM log file, which allows local users to cause a denial of service or have unspecified other impact by writing to this file. | 4.6 |
2009-12-20 | CVE-2009-4029 | GNU | Race Condition vulnerability in GNU Automake 1.10.3/1.11.1/Branch The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete. | 4.4 |
2009-12-14 | CVE-2009-4314 | SUN | Permissions, Privileges, and Access Controls vulnerability in SUN RAY Server Software 4.1 Sun Ray Server Software 4.1 on Solaris 10, when Automatic Multi-Group Hotdesking (AMGH) is enabled, responds to a logout action by immediately logging the user in again, which makes it easier for physically proximate attackers to obtain access to a session by going to an unattended DTU device. | 4.4 |
2009-12-20 | CVE-2009-4359 | Marc Andre Lanciault Xoops | Cross-Site Scripting vulnerability in Marc-Andre Lanciault Smartmedia 0.85 Cross-site scripting (XSS) vulnerability in folder.php in the SmartMedia 0.85 Beta module for XOOPS allows remote attackers to inject arbitrary web script or HTML via the categoryid parameter. | 4.3 |
2009-12-17 | CVE-2009-4352 | Transware | Cross-Site Scripting vulnerability in Transware Active Mail 2003 Multiple cross-site scripting (XSS) vulnerabilities in TransWARE Active! mail 2003 build 2003.0139.0871 and earlier, and possibly other versions before 2003.0139.0939, allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Cc, and (4) Bcc parameters. | 4.3 |
2009-12-17 | CVE-2009-4348 | Haroldbakker | Cross-Site Scripting vulnerability in Haroldbakker Hb-Ns 1.3 Cross-site scripting (XSS) vulnerability in index.php in Harold Bakker's NewsScript (HB-NS) 1.3 allows remote attackers to inject arbitrary web script or HTML via the topic parameter in a topic action, a different vector than CVE-2006-2146. | 4.3 |
2009-12-17 | CVE-2009-4347 | Liran TAL | Cross-Site Scripting vulnerability in Liran TAL Daloradius Cross-site scripting (XSS) vulnerability in daloradius-users/login.php in daloRADIUS 0.9-8 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter. | 4.3 |
2009-12-17 | CVE-2009-4346 | Toni Milovan Typo3 | Cross-Site Scripting vulnerability in Toni Milovan FE Rtenews 1.4.1 Cross-site scripting (XSS) vulnerability in the Frontend news submitter with RTE (fe_rtenews) extension 1.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-12-17 | CVE-2009-4345 | Jonas Renggli Typo3 | Cross-Site Scripting vulnerability in Jonas Renggli Vshoutbox 0.0.1 Cross-site scripting (XSS) vulnerability in the vShoutbox (vshoutbox) extension 0.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-12-17 | CVE-2009-4344 | Tobias Sommer Typo3 | Cross-Site Scripting vulnerability in Tobias Sommer ZID Linklist 1.0.0 Cross-site scripting (XSS) vulnerability in the ZID Linkliste (zid_linklist) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-12-17 | CVE-2009-4343 | Dominic Eckart Typo3 | Cross-Site Scripting vulnerability in Dominic Eckart Trainincdb 0.4.7 Cross-site scripting (XSS) vulnerability in the Training Company Database (trainincdb) extension 0.4.7 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-12-17 | CVE-2009-4340 | Mischa Heissmann Typo3 | Cross-Site Scripting vulnerability in Mischa Heissmann NO Indexed Search 0.2.0 Cross-site scripting (XSS) vulnerability in the No indexed Search (no_indexed_search) extension 0.2.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-12-17 | CVE-2009-4336 | Simon Rundell Typo3 | Cross-Site Scripting vulnerability in Simon Rundell PD Calendar Today 0.0.3 Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-12-16 | CVE-2009-4326 | IBM | Information Exposure vulnerability in IBM DB2 9.5/9.7 The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Database Partitioning Feature (DPF) is used, produces "repeating" return values, which might allow attackers to defeat protection mechanisms based on randomization by predicting a value. | 4.3 |
2009-12-16 | CVE-2009-3731 | Webworks Vmware Microsoft | Cross-Site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x through 9.3, 2008.1 through 2008.4, and 2009.x before 2009.3 allow remote attackers to inject arbitrary web script or HTML via (1) wwhelp_entry.html, reachable through index.html and wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, or (5) the window.opener component in wwhelp/wwhimpl/common/html/bookmark.htm, related to (a) unspecified parameters and (b) messages used in topic links for the bookmarking functionality. | 4.3 |
2009-12-14 | CVE-2009-4320 | Lythgoes | Cross-Site Scripting vulnerability in Lythgoes the Next Generation of Genealogy Sitebuilding 7.1.2 Cross-site scripting (XSS) vulnerability in searchform.php in The Next Generation of Genealogy Sitebuilding (TNG) 7.1.2 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | 4.3 |
2009-12-14 | CVE-2009-4318 | Realestatephp | Cross-Site Scripting vulnerability in Realestatephp Real Estate Manager 1.0.1 Cross-site scripting (XSS) vulnerability in index.php in Real Estate Manager 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | 4.3 |
2009-12-14 | CVE-2009-4317 | Scriptsez | Cross-Site Scripting vulnerability in Scriptsez EZ Cart Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Cart allows remote attackers to inject arbitrary web script or HTML via the sid parameter in a showcat action. | 4.3 |
2009-12-14 | CVE-2009-4316 | Zeeways | Cross-Site Scripting vulnerability in Zeeways Zeelyrics 3X Cross-site scripting (XSS) vulnerability in searchresults_main.php in ZeeLyrics 3x allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. | 4.3 |
2009-12-16 | CVE-2009-4329 | IBM | Denial-Of-Service vulnerability in IBM DB2 9.5 Unspecified vulnerability in the Engine Utilities component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (segmentation fault) by modifying the db2ra data stream sent in a request from the Load Utility. | 4.0 |
2009-12-16 | CVE-2009-4328 | IBM | Denial-Of-Service vulnerability in IBM DB2 9.5 Unspecified vulnerability in the DRDA Services component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (server trap) by calling a SQL stored procedure in unknown circumstances. | 4.0 |
1 Low Vulnerability
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-12-15 | CVE-2009-3554 | Redhat | Information Exposure vulnerability in Redhat Jboss Enterprise Application Platform 4.2/4.2.0/4.2.2 Twiddle in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 writes the JMX password, and other command-line arguments, to the twiddle.log file, which allows local users to obtain sensitive information by reading this file. | 2.1 |