Weekly Vulnerabilities Reports > December 21 to 27, 2009

Overview

83 new vulnerabilities were reported during this period, including 6 critical vulnerabilities and 25 high severity vulnerabilities. This weekly summary reports vulnerabilities in 69 products from 52 vendors, including Typo3, FR Simon Rundell, SQL Ledger, Scriptsez, and Alienvault. The vulnerabilities are notably categorized as "Cross-site Scripting", "SQL Injection", "Path Traversal", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Cross-Site Request Forgery (CSRF)".

  • 77 reported vulnerabilities are remotely exploitable.
  • 11 reported vulnerabilities have a public exploit available.
  • 51 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 75 reported vulnerabilities are exploitable by an anonymous user.
  • Typo3 has the most reported vulnerabilities, with 14 reported vulnerabilities.
  • Gnome has the most reported critical vulnerabilities, with 1 reported vulnerability.

Summary dashboard (panel titles only): Total vulnerabilities; Critical risk vulnerabilities; High risk vulnerabilities; Medium risk vulnerabilities; Low risk vulnerabilities; Remotely exploitable; Locally exploitable; Exploit available; Exploitable anonymously; Affecting web application.

Vulnerability Details

The following table lists the reported vulnerabilities for the period covered by this report:


6 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-12-21 CVE-2009-4368 Merethis Authentication Mechanism Security Bypass vulnerability in Centreon

Multiple unspecified vulnerabilities in Centreon before 2.1.4 have unknown impact and attack vectors in the (1) ping tool, (2) traceroute tool, and (3) ldap import, possibly related to improper authentication.

10.0
2009-12-21 CVE-2009-4143 PHP Unspecified vulnerability in PHP

PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive.

10.0
2009-12-21 CVE-2009-3792 Adobe Path Traversal vulnerability in Adobe Flash Media Server

Directory traversal vulnerability in Adobe Flash Media Server (FMS) before 3.5.3 allows attackers to load arbitrary DLL files via unspecified vectors.

10.0
2009-12-21 CVE-2009-4376 Wireshark Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Wireshark

Buffer overflow in the daintree_sna_read function in the Daintree SNA file parser in Wireshark 1.2.0 through 1.2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.

9.3
2009-12-21 CVE-2009-4035 Gnome / KDE / Xpdf Code Injection vulnerability in multiple products

The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf 2.8.2, kpdf in kdegraphics 3.3.1, and possibly other libraries and versions, does not check the return value of the getNextLine function, which allows context-dependent attackers to execute arbitrary code via a PDF file with a crafted Type 1 font that can produce a negative value, leading to a signed-to-unsigned integer conversion error and a buffer overflow.

9.3
2009-12-21 CVE-2009-4270 Ghostscript Buffer Errors vulnerability in Ghostscript 8.64/8.70

Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file, as originally reported for debug logging code in gdevcups.c in the CUPS output driver.

9.3

25 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-12-24 CVE-2009-4420 F5 Buffer Errors vulnerability in F5 products

Buffer overflow in the bd daemon in F5 Networks BIG-IP Application Security Manager (ASM) 9.4.4 through 9.4.7 and 10.0.0 through 10.0.1, and Protocol Security Manager (PSM) 9.4.5 through 9.4.7 and 10.0.0 through 10.0.1, allows remote attackers to cause a denial of service (crash) via unknown vectors.

7.8
2009-12-24 CVE-2009-4423 Weentech SQL Injection vulnerability in Weentech Weencompany 4.0.0

SQL injection vulnerability in index.php in weenCompany 4.0.0 allows remote attackers to execute arbitrary SQL commands via the moduleid parameter.

7.5
2009-12-24 CVE-2009-4415 Phpgroupware Path Traversal vulnerability in PHPgroupware 0.9.16.12

Multiple directory traversal vulnerabilities in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allow remote attackers to (1) read arbitrary files via the csvfile parameter to addressbook/csv_import.php, or (2) include and execute arbitrary local files via the conv_type parameter in addressbook/inc/class.uiXport.inc.php.

7.5
2009-12-24 CVE-2009-4137 Matomo Improper Input Validation vulnerability in Matomo

The loadContentFromCookie function in core/Cookie.php in Piwik before 0.5 does not validate strings obtained from cookies before calling the unserialize function, which allows remote attackers to execute arbitrary code or upload arbitrary files via vectors related to the __destruct function in the Piwik_Config class; php://filter URIs; the __destruct functions in Zend Framework, as demonstrated by the Zend_Log destructor; the shutdown functions in Zend Framework, as demonstrated by the Zend_Log_Writer_Mail class; the render function in the Piwik_View class; Smarty templates; and the _eval function in Smarty.

7.5
2009-12-23 CVE-2009-4405 Edgewall Remote Security vulnerability in Trac

Multiple unspecified vulnerabilities in Trac before 0.11.6 have unknown impact and attack vectors, possibly related to (1) "policy checks in report results when using alternate formats" or (2) a "check for the 'raw' role that is missing in docutils < 0.6."

7.5
2009-12-23 CVE-2009-4402 SQL Ledger Configuration vulnerability in Sql-Ledger 2.8.24

The default configuration of SQL-Ledger 2.8.24 allows remote attackers to perform unspecified administrative operations by providing an arbitrary password to the admin interface.

7.5
2009-12-22 CVE-2009-4401 FR Simon Rundell / Typo3 SQL Injection vulnerability in Fr.Simon Rundell STE Parish Admin

SQL injection vulnerability in the Parish Administration Database (ste_parish_admin) extension 0.1.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2009-12-22 CVE-2009-4399 FR Simon Rundell / Typo3 SQL Injection vulnerability in Fr.Simon Rundell HS Religiousartgallery

SQL injection vulnerability in the Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery) extension 0.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2009-12-22 CVE-2009-4396 FR Simon Rundell / Typo3 SQL Injection vulnerability in Fr.Simon Rundell PD Resources

SQL injection vulnerability in the Diocese of Portsmouth Resources Database (pd_resources) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2009-12-22 CVE-2009-4394 FR Simon Rundell / Typo3 SQL Injection vulnerability in Fr.Simon Rundell STE Prayer2 0.0.2

SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) extension 0.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2009-12-22 CVE-2009-4393 Daniel Pötzinger / Typo3 SQL Injection vulnerability in Daniel Pötzinger Danp Documentdirs

SQL injection vulnerability in the Document Directorys (danp_documentdirs) extension 1.10.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2009-12-22 CVE-2009-4392 Typo3 SQL Injection vulnerability in Typo3 XDS Staff

SQL injection vulnerability in the XDS Staff List (xds_staff) extension 0.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2009-12-22 CVE-2009-4390 Jochen Rieger / Typo3 SQL Injection vulnerability in Jochen Rieger CAR 0.1.1

SQL injection vulnerability in the Car (car) extension 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2009-12-22 CVE-2009-4386 Bookingcentre SQL Injection vulnerability in Bookingcentre Booking System FOR Hotels Group

SQL injection vulnerability in hotel_tiempolibre_ext.php in Venalsur Booking Centre Booking System for Hotels Group, when magic_quotes_gpc is enabled, allows remote attackers to execute arbitrary SQL commands via the NoticiaID parameter and other unspecified vectors.

7.5
2009-12-22 CVE-2009-4380 Valarsoft SQL Injection vulnerability in Valarsoft Webmatic

Multiple SQL injection vulnerabilities in Valarsoft Webmatic before 3.0.3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, a different issue than CVE-2008-2925.

7.5
2009-12-22 CVE-2009-4140 Teethgrinder CO UK / Matomo Remote PHP Code Execution vulnerability in Open Flash Chart 'ofc_upload_image.php'

Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when register_globals is enabled, allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension through the name parameter with the code in the HTTP_RAW_POST_DATA parameter, then accessing it via a direct request to the file in tmp-upload-images/.

7.5
2009-12-22 CVE-2009-3702 PHP Calendar Path Traversal vulnerability in PHP-Calendar 1.1

Multiple absolute path traversal vulnerabilities in PHP-Calendar 1.1 allow remote attackers to include and execute arbitrary local files via a full pathname in the configfile parameter to (1) update08.php or (2) update10.php.

7.5
2009-12-21 CVE-2009-4375 Alienvault SQL Injection vulnerability in Alienvault Open Source Security Information Management

SQL injection vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary SQL commands via the id_document parameter.

7.5
2009-12-21 CVE-2009-4374 Alienvault Path Traversal vulnerability in Alienvault Open Source Security Information Management

Directory traversal vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to upload files into arbitrary directories via a ..

7.5
2009-12-21 CVE-2009-4373 Alienvault File-Upload vulnerability in Open Source Security Information Management

Unrestricted file upload vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in ossiminstall/uploads/.

7.5
2009-12-21 CVE-2009-4372 Alienvault Improper Input Validation vulnerability in Alienvault Open Source Security Information Management

AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary commands via shell metacharacters in the uniqueid parameter to (1) wcl.php, (2) storage_graphs.php, (3) storage_graphs2.php, (4) storage_graphs3.php, and (5) storage_graphs4.php in sem/.

7.5
2009-12-21 CVE-2009-4261 Roman Marxer Path Traversal vulnerability in Roman Marxer Ganeti

Multiple directory traversal vulnerabilities in the iallocator framework in Ganeti 1.2.4 through 1.2.8, 2.0.0 through 2.0.4, and 2.1.0 before 2.1.0~rc2 allow (1) remote attackers to execute arbitrary programs via a crafted external script name supplied through the HTTP remote API (RAPI) and allow (2) local users to execute arbitrary programs and gain privileges via a crafted external script name supplied through a gnt-* command, related to "path sanitization errors."

7.5
2009-12-24 CVE-2009-4419 Intel Configuration vulnerability in Intel products

The SINIT Authenticated Code Module (ACM) for Intel Q35, GM45, PM45 Express, Q45, and Q43 Express chipsets allows local users to bypass the Trusted Execution Technology protection mechanism and gain privileges by modifying the MCHBAR register to point to an attacker-controlled region, which prevents the SENTER instruction from properly applying VT-d protection while an MLE is being loaded.

7.2
2009-12-21 CVE-2009-4362 IBM Buffer Errors vulnerability in IBM AIX 6.1

Multiple buffer overflows in qosmod in IBM AIX 6.1 allow local users to cause a denial of service (application crash) or possibly gain privileges via long string arguments.

7.2
2009-12-21 CVE-2009-4361 IBM Buffer Errors vulnerability in IBM AIX 6.1

Multiple buffer overflows in qoslist in IBM AIX 6.1 allow local users to cause a denial of service (application crash) or possibly gain privileges via a long string argument.

7.2

45 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-12-24 CVE-2009-4414 Phpgroupware SQL Injection vulnerability in PHPgroupware 0.9.16.012

SQL injection vulnerability in phpgwapi /inc/class.auth_sql.inc.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the passwd parameter to login.php.

6.8
2009-12-23 CVE-2009-4407 Pyforum Cross-Site Request Forgery (CSRF) vulnerability in Pyforum 1.0.0/1.0.1/1.0.2

Multiple cross-site request forgery (CSRF) vulnerabilities in PyForum 1.0.3 and possibly earlier versions, and possibly zForum, allow remote attackers to hijack the authentication of victims for requests that change passwords, and other unspecified requests, via unknown vectors.

6.8
2009-12-23 CVE-2009-4144 Gnome Cryptographic Issues vulnerability in Gnome Networkmanager 0.7.2

NetworkManager (NM) 0.7.2 does not ensure that the configured Certification Authority (CA) certificate file for a (1) WPA Enterprise or (2) 802.1x network remains present upon a connection attempt, which might allow remote attackers to obtain sensitive information or cause a denial of service (connectivity disruption) by spoofing the identity of a wireless network.

6.8
2009-12-23 CVE-2009-3580 SQL Ledger Cross-Site Request Forgery (CSRF) vulnerability in Sql-Ledger 2.8.24

Cross-site request forgery (CSRF) vulnerability in am.pl in SQL-Ledger 2.8.24 allows remote attackers to hijack the authentication of arbitrary users for requests that change a password via the login, new_password, and confirm_password parameters in a preferences action.

6.8
2009-12-22 CVE-2009-4385 Scriptsez Cross-Site Request Forgery (CSRF) vulnerability in Scriptsez EZ Poll Hoster

Multiple cross-site request forgery (CSRF) vulnerabilities in Scriptsez.net Ez Poll Hoster (EPH) allow remote attackers to (1) hijack the authentication of arbitrary users for requests that delete polls via the delete_poll action to index.php; and hijack the authentication of administrators for requests that (2) delete users via the manage action to admin.php, or (3) send arbitrary email to arbitrary users in the email action to admin.php.

6.8
2009-12-21 CVE-2009-4367 Sitecore Improper Authentication vulnerability in Sitecore Staging Module

The Staging Webservice ("sitecore modules/staging/service/api.asmx") in Sitecore Staging Module 5.4.0 rev.080625 and earlier allows remote attackers to bypass authentication and (1) upload files, (2) download files, (3) list directories, and (4) clear the server cache via crafted SOAP requests with arbitrary Username and Password values, possibly related to a direct request.

6.8
2009-12-24 CVE-2009-4421 Alexander Palmo Path Traversal vulnerability in Alexander Palmo Simple PHP Blog

Directory traversal vulnerability in languages_cgi.php in Simple PHP Blog 0.5.1 and earlier allows remote authenticated users to include and execute arbitrary local files via a ..

6.5
2009-12-23 CVE-2009-4133 Condor Project / Redhat

Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and Grid Execute Node for MRG, allows remote authenticated users to queue jobs as an arbitrary user, and thereby gain privileges, by using a Condor command-line tool to modify an unspecified job attribute.

6.5
2009-12-23 CVE-2009-3582 SQL Ledger SQL Injection vulnerability in Sql-Ledger 2.8.24

Multiple SQL injection vulnerabilities in the delete subroutine in SQL-Ledger 2.8.24 allow remote authenticated users to execute arbitrary SQL commands via the (1) id and possibly (2) db parameters in a Delete action to the output of a Vendors>Reports>Search search operation.

6.5
2009-12-24 CVE-2009-4412 S9Y File-Upload vulnerability in Serendipity

Unrestricted file upload vulnerability in Serendipity before 1.5 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in an unspecified directory.

6.0
2009-12-23 CVE-2009-3583 SQL Ledger Path Traversal vulnerability in Sql-Ledger 2.8.24

Directory traversal vulnerability in the Preferences menu item in SQL-Ledger 2.8.24 allows remote attackers to include and execute arbitrary local files via a ..

5.1
2009-12-24 CVE-2009-4418 PHP Numeric Errors vulnerability in PHP

The unserialize function in PHP 5.3.0 and earlier allows context-dependent attackers to cause a denial of service (resource consumption) via a deeply nested serialized variable, as demonstrated by a string beginning with a:1: followed by many {a:1: sequences.

5.0
2009-12-24 CVE-2009-4417 Zend Permissions, Privileges, and Access Controls vulnerability in Zend Framework

The shutdown function in the Zend_Log_Writer_Mail class in Zend Framework (ZF) allows context-dependent attackers to send arbitrary e-mail messages to any recipient address via vectors related to "events not yet mailed."

5.0
2009-12-24 CVE-2009-4413 PPS Jussieu Numeric Errors vulnerability in Pps.Jussieu Polipo 0.9.12/0.9.8/1.0.4

The httpClientDiscardBody function in client.c in Polipo 0.9.8, 0.9.12, 1.0.4, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a request with a large Content-Length value, which triggers an integer overflow, a signed-to-unsigned conversion error with a negative value, and a segmentation fault.

5.0
2009-12-24 CVE-2009-3305 PPS Jussieu Improper Input Validation vulnerability in Pps.Jussieu Polipo 1.0.4

Polipo 1.0.4, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a request with a Cache-Control header that lacks a value for the max-age field, which triggers a segmentation fault in the httpParseHeaders function in http_parse.c, and possibly other unspecified vectors.

5.0
2009-12-23 CVE-2009-3584 SQL Ledger Configuration vulnerability in Sql-Ledger 2.8.24

SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

5.0
2009-12-22 CVE-2009-4389 Robert Puntigam / Typo3 Information Disclosure vulnerability in Aba Watchdog 2.0.0/2.0.1

Unspecified vulnerability in the Watchdog (aba_watchdog) extension 2.0.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors.

5.0
2009-12-22 CVE-2009-4383 Rocomotion Path Traversal vulnerability in Rocomotion P Forum

Directory traversal vulnerability in Pforum.php in Rocomotion P forum before 1.28 allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors.

5.0
2009-12-21 CVE-2009-3791 Adobe Remote Denial of Service vulnerability in Adobe Flash Media Server Resource Exhaustion

Unspecified vulnerability in Adobe Flash Media Server (FMS) before 3.5.3 allows attackers to cause a denial of service (resource exhaustion) via unknown vectors.

5.0
2009-12-24 CVE-2009-4410 Linux Local Denial of Service vulnerability in Linux Kernel 'fuse_ioctl_copy_user()'

The fuse_ioctl_copy_user function in the ioctl handler in fs/fuse/file.c in the Linux kernel 2.6.29-rc1 through 2.6.30.y uses the wrong variable in an argument to the kunmap function, which allows local users to cause a denial of service (panic) via unknown vectors.

4.9
2009-12-24 CVE-2009-4422 Aditus Cross-Site Scripting vulnerability in Aditus Jpgraph 3.0.6

Multiple cross-site scripting (XSS) vulnerabilities in the GetURLArguments function in jpgraph.php in Aditus Consulting JpGraph 3.0.6 allow remote attackers to inject arbitrary web script or HTML via a key to csim_in_html_ex1.php, and other unspecified vectors.

4.3
2009-12-24 CVE-2009-4416 Phpgroupware Cross-Site Scripting vulnerability in PHPgroupware 0.9.16.12

Cross-site scripting (XSS) vulnerability in login.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter whose name begins with the "phpgw_" sequence.

4.3
2009-12-23 CVE-2009-4408 Pyforum Cross-Site Scripting vulnerability in Pyforum 1.0.0/1.0.1/1.0.2

Multiple cross-site scripting (XSS) vulnerabilities in models.parser in PyForum 1.0.3 and possibly earlier versions, and possibly zForum, allow remote attackers to inject arbitrary web script or HTML via crafted BBcode (1) img or (2) url tags, which are not properly handled when a post is viewed.

4.3
2009-12-23 CVE-2009-4406 APC Cross-Site Scripting vulnerability in APC Ap7932 B2 and Ap7932 B2 Firmware

Cross-site scripting (XSS) vulnerability in Forms/login1 in American Power Conversion (APC) Switched Rack PDU AP7932 B2, running rpdu 3.3.3 or 3.7.0 on AOS 3.3.4, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the login_username parameter.

4.3
2009-12-23 CVE-2009-4404 Jochen Striepe Unspecified vulnerability in Jochen Striepe T-Prot

Unspecified vulnerability in t-prot (TOFU Protection) before 2.8 allows remote attackers to cause a denial of service via unspecified vectors related to the "--maxlines" option and a crafted email message.

4.3
2009-12-23 CVE-2009-4403 Rumbacms Cross-Site Scripting vulnerability in Rumbacms Rumba XML 1.8

Cross-site scripting (XSS) vulnerability in index.php in Rumba XML 1.8 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

4.3
2009-12-22 CVE-2009-4400 FR Simon Rundell / Typo3 Cross-Site Scripting vulnerability in Fr.Simon Rundell STE Parish Admin

Cross-site scripting (XSS) vulnerability in the Parish Administration Database (ste_parish_admin) extension 0.1.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-12-22 CVE-2009-4398 FR Simon Rundell / Typo3 Cross-Site Scripting vulnerability in Fr.Simon Rundell HS Religiousartgallery

Cross-site scripting (XSS) vulnerability in the Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery) extension 0.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-12-22 CVE-2009-4397 FR Simon Rundell / Typo3 Cross-Site Scripting vulnerability in Fr.Simon Rundell PD Resources

Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth Resources Database (pd_resources) extension 0.1.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-12-22 CVE-2009-4395 FR Simon Rundell / Typo3 Cross-Site Scripting vulnerability in Fr.Simon Rundell STE Prayer2 0.0.2

Cross-site scripting (XSS) vulnerability in the Random Prayer 2 (ste_prayer2) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-12-22 CVE-2009-4391 Daniel Regelein / Typo3 Cross-Site Scripting vulnerability in Daniel Regelein DR Blob 2.1.1

Cross-site scripting (XSS) vulnerability in the File list (dr_blob) extension 2.1.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-12-22 CVE-2009-4388 Frank Krüger / Typo3 Cross-Site Scripting vulnerability in Frank Krüger NL Listman 1.2.1

Cross-site scripting (XSS) vulnerability in the ListMan (nl_listman) extension 1.2.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-12-22 CVE-2009-4387 Manageengine Cross-Site Scripting vulnerability in Manageengine Password Manager PRO and Password Manager Pro 6.1

The cross-site scripting (XSS) protection mechanism in ShowInContentAreaAction.do in ManageEngine Password Manager Pro (PMP) before 6.1 Build 6104 uses case-sensitive checks for malicious inputs, which allows remote attackers to inject arbitrary web script or HTML via the searchtext parameter and other unspecified inputs.

4.3
2009-12-22 CVE-2009-4384 Scriptsez Cross-Site Scripting vulnerability in Scriptsez EZ Poll Hoster

Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net Ez Poll Hoster (EPH) allow remote attackers to inject arbitrary web script or HTML via the (1) pid parameter in a code action to index.php and the (2) uid parameter in a view action to profile.php.

4.3
2009-12-22 CVE-2009-4382 Phpfaber Cross-Site Scripting vulnerability in PHPfaber Content Management System 1.3.36

Cross-site scripting (XSS) vulnerability in module.php in PHPFABER CMS, possibly 1.3.36, allows remote attackers to inject arbitrary web script or HTML via the mod parameter.

4.3
2009-12-22 CVE-2009-4381 Texmedia Cross-Site Scripting vulnerability in Texmedia Million Pixel Script 3.0

Cross-site scripting (XSS) vulnerability in index.php in texmedia Million Pixel Script 3 allows remote attackers to inject arbitrary web script or HTML via the pa parameter.

4.3
2009-12-22 CVE-2009-4379 Valarsoft Cross-Site Scripting vulnerability in Valarsoft Webmatic

Multiple cross-site scripting (XSS) vulnerabilities in Valarsoft Webmatic before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-2924.

4.3
2009-12-21 CVE-2009-4378 Wireshark / Microsoft Multiple vulnerabilities in Wireshark 0.9.0 through 1.2.4

The IPMI dissector in Wireshark 1.2.0 through 1.2.4 on Windows allows remote attackers to cause a denial of service (crash) via a crafted packet, related to "formatting a date/time using strftime."

4.3
2009-12-21 CVE-2009-4377 Wireshark Multiple vulnerabilities in Wireshark 0.9.0 through 1.2.4

The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 allow remote attackers to cause a denial of service (crash) via a crafted packet that triggers a NULL pointer dereference, as demonstrated by fuzz-2009-12-07-11141.pcap.

4.3
2009-12-21 CVE-2009-4366 Scriptsez Cross-Site Scripting vulnerability in Scriptsez EZ Blog 1.0

Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Blog 1.0 allows remote attackers to inject arbitrary web script or HTML via the yr parameter in a bmonth action.

4.3
2009-12-21 CVE-2009-4365 Scriptsez Cross-Site Request Forgery (CSRF) vulnerability in Scriptsez EZ Blog 1.0

Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ScriptsEz Ez Blog 1.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a blog via the add_blog action, (2) approve a comment via the approve_comment action, (3) change administrator information including the password via the admin_opt action, and (4) delete a blog via the delete action.

4.3
2009-12-21 CVE-2009-4364 Scriptsez Cross-Site Scripting vulnerability in Scriptsez EZ Blog

Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Blog allows remote attackers to inject arbitrary web script or HTML via the cname parameter, related to the act and id parameters.

4.3
2009-12-21 CVE-2009-4363 Horde Cross-Site Scripting vulnerability in Horde Application Framework and Groupware

Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 does not properly handle data: URIs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via data:text/html values for the HREF attribute of an A element in an HTML e-mail message.

4.3
2009-12-21 CVE-2009-4142 PHP Cross-Site Scripting vulnerability in PHP

The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character.

4.3
2009-12-21 CVE-2009-3701 Horde Cross-Site Scripting vulnerability in Horde Application Framework and Groupware

Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) phpshell.php, (2) cmdshell.php, or (3) sqlshell.php in admin/, related to the PHP_SELF variable.

4.3

7 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-12-24 CVE-2009-4411 XFS Permissions, Privileges, and Access Controls vulnerability in XFS ACL 2.2.47

The (1) setfacl and (2) getfacl commands in XFS acl 2.2.47, when running in recursive (-R) mode, follow symbolic links even when the --physical (aka -P) or -L option is specified, which might allow local users to modify the ACL for arbitrary files or directories via a symlink attack.

3.7
2009-12-23 CVE-2009-3581 SQL Ledger Cross-Site Scripting vulnerability in Sql-Ledger 2.8.24

Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger 2.8.24 allow remote authenticated users to inject arbitrary web script or HTML via (1) the DCN Description field in the Accounts Receivables menu item for Add Transaction, (2) the Description field in the Accounts Payable menu item for Add Transaction, or the name field in (3) the Customers menu item for Add Customer or (4) the Vendor menu item for Add Vendor.

3.5
2009-12-21 CVE-2009-4371 Drupal Cross-Site Scripting vulnerability in Drupal 6.14/6.15

Cross-site scripting (XSS) vulnerability in the Locale module (modules/locale/locale.module) in Drupal Core 6.14, and possibly other versions including 6.15, allows remote authenticated users with "administer languages" permissions to inject arbitrary web script or HTML via the (1) Language name in English or (2) Native language name fields in the Custom language form.

3.5
2009-12-21 CVE-2009-4370 Drupal Cross-Site Scripting vulnerability in Drupal

Cross-site scripting (XSS) vulnerability in the Menu module (modules/menu/menu.admin.inc) in Drupal Core 6.x before 6.15 allows remote authenticated users with permissions to create new menus to inject arbitrary web script or HTML via a menu description, which is not properly handled in the menu administration overview.

3.5
2009-12-21 CVE-2009-4369 Drupal Cross-Site Scripting vulnerability in Drupal

Cross-site scripting (XSS) vulnerability in the Contact module (modules/contact/contact.admin.inc or modules/contact/contact.module) in Drupal Core 5.x before 5.21 and 6.x before 6.15 allows remote authenticated users with "administer site-wide contact form" permissions to inject arbitrary web script or HTML via the contact category name.

3.5
2009-12-23 CVE-2009-4409 IIJ Improper Authentication vulnerability in IIJ Seil/B1

The (1) CHAP and (2) MS-CHAP-V2 authentication capabilities in the PPP Access Concentrator (PPPAC) function in Internet Initiative Japan SEIL/B1 firmware 1.00 through 2.52 use the same challenge for each authentication attempt, which allows remote attackers to bypass authentication via a replay attack.

2.6
2009-12-23 CVE-2009-4145 Gnome Information Exposure vulnerability in Gnome Networkmanager 0.7.2

nm-connection-editor in NetworkManager (NM) 0.7.x exports connection objects over D-Bus upon actions in the connection editor GUI, which allows local users to obtain sensitive information by reading D-Bus signals, as demonstrated by using dbus-monitor to discover the password for the WiFi network.

2.1