Weekly Vulnerabilities Reports > December 28, 2009 to January 3, 2010
Overview
91 new vulnerabilities were reported during this period, including 8 critical vulnerabilities and 21 high severity vulnerabilities. This weekly summary reports vulnerabilities in 84 products from 70 vendors including Drupal, Zabbix, SUN, Deluxebb, and Joomla. The vulnerabilities are notably categorized as "Cross-site Scripting", "SQL Injection", "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Path Traversal".
- 88 reported vulnerabilities are remotely exploitable.
- 32 reported vulnerabilities have a public exploit available.
- 47 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 78 reported vulnerabilities are exploitable by an anonymous user.
- Drupal has the most reported vulnerabilities, with 16 reported vulnerabilities.
- Intellicom has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
8 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-12-31 | CVE-2009-4519 | Ortro | Unspecified vulnerability in Ortro Multiple unspecified vulnerabilities in Ortro before 1.3.4 have unknown impact and attack vectors. | 10.0 |
2009-12-30 | CVE-2009-4482 | Tversity | Buffer Errors vulnerability in Tversity 1.6 Buffer overflow in MediaServer.exe in TVersity 1.6 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by the vd_tversity module in VulnDisco Pack Professional 8.11. | 10.0 |
2009-12-30 | CVE-2009-4476 | Hauri | Buffer Errors vulnerability in Hauri Virobot Desktop 5.5 Stack-based buffer overflow in HAURI ViRobot Desktop 5.5 before 2009-09-28.00 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.15 through 8.11. | 10.0 |
2009-12-30 | CVE-2009-4463 | Intellicom | Credentials Management vulnerability in Intellicom products Intellicom NetBiter WebSCADA devices use default passwords for the HICP network configuration service, which makes it easier for remote attackers to modify network settings and cause a denial of service. | 10.0 |
2009-12-30 | CVE-2009-4462 | Intellicom | Buffer Errors vulnerability in Intellicom Netbiterconfig 1.3.0 Stack-based buffer overflow in the NetBiterConfig utility (NetBiterConfig.exe) 1.3.0 for Intellicom NetBiter WebSCADA allows remote attackers to execute arbitrary code via a long hn (hostname) parameter in a crafted HICP-protocol UDP packet. | 10.0 |
2009-12-31 | CVE-2009-4502 | Zabbix Freebsd SUN | Permissions, Privileges, and Access Controls vulnerability in Zabbix The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to net.tcp.listen. | 9.3 |
2009-12-30 | CVE-2008-7249 | Pedro Lineu Orso | Buffer Errors vulnerability in Pedro Lineu Orso Sarg 2.2.4 Buffer overflow in Squid Analysis Report Generator (Sarg) 2.2.3.1, and probably later, allows user-assisted remote attackers to execute arbitrary code via a long HTTP request method in a crafted access.log file, a different vulnerability than CVE-2008-1167. | 9.3 |
2009-12-30 | CVE-2009-4480 | Azeotech | Buffer Errors vulnerability in Azeotech Daqfactory 5.77 Buffer overflow in the web service in AzeoTech DAQFactory 5.77 might allow remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.16 through 8.11. | 9.3 |
21 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-12-29 | CVE-2009-4453 | Softcab | Unspecified vulnerability in Softcab Sound Converter Activex 1.2 Insecure method vulnerability in SoftCab Sound Converter ActiveX control (sndConverter.ocx) 1.2 allows remote attackers to create or overwrite arbitrary files via the SaveFormat method. | 8.8 |
2009-12-30 | CVE-2009-4479 | Mailsite | Resource Management Errors vulnerability in Mailsite 8.0.4 LDAP3A.exe in MailSite 8.0.4 allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.13 through 8.11. | 7.8 |
2009-12-31 | CVE-2009-4499 | Zabbix | SQL Injection vulnerability in Zabbix SQL injection vulnerability in the get_history_lastid function in the nodewatcher component in Zabbix Server before 1.6.8 allows remote attackers to execute arbitrary SQL commands via a crafted request, possibly related to the send_history_last_id function in zabbix_server/trapper/nodehistory.c. | 7.5 |
2009-12-30 | CVE-2009-4477 | Xstate | SQL Injection vulnerability in Xstate Real Estate 1.0 SQL injection vulnerability in page.html in Xstate Real Estate 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter. | 7.5 |
2009-12-30 | CVE-2009-4475 | Joomlub Joomla | SQL Injection vulnerability in Joomlub COM Joomlub SQL injection vulnerability in the Joomlub (com_joomlub) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an auction edit action to index.php. | 7.5 |
2009-12-30 | CVE-2009-4474 | Mikedeboer Mambo Foundation | SQL Injection vulnerability in Mikedeboer COM Zoom 2.0 SQL injection vulnerability in the Mike de Boer zoom (com_zoom) component 2.0 for Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | 7.5 |
2009-12-30 | CVE-2009-4472 | Phpope | Code Injection vulnerability in PHPope Multiple PHP remote file inclusion vulnerabilities in PHPope 1.0.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[config][dir][plugins] parameter to plugins/address/admin/index.php, (2) GLOBALS[config][dir][functions] parameter to plugins/im/compose.php, and (3) GLOBALS[config][dir][classes] parameter to plugins/cssedit/admin/index.php. | 7.5 |
2009-12-30 | CVE-2009-4471 | Freeschool | Code Injection vulnerability in Freeschool Multiple PHP remote file inclusion vulnerabilities in FreeSchool 1.1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CLASSPATH parameter to (1) bib_form.php, (2) bib_pldetails.php, (3) bib_plform.php, (4) bib_plsearchc.php, (5) bib_plsearchs.php, (6) bib_save.php, (7) bib_searchc.php, (8) bib_searchs.php, (9) edi_form.php, (10) edi_save.php, (11) gen_form.php, (12) gen_save.php, (13) lin_form.php, (14) lin_save.php, (15) luo_form.php, (16) luo_save.php, (17) sog_form.php, or (18) sog_save.php in biblioteca/; (19) cal_insert.php, (20) cal_save.php, or (21) cal_saveactivity.php in calendario/; (22) circolari/cir_save.php; or (23) modulistica/mdl_save.php. | 7.5 |
2009-12-30 | CVE-2009-4470 | Dvbbs | SQL Injection vulnerability in Dvbbs 2.0 SQL injection vulnerability in boardrule.php in DVBBS 2.0 allows remote attackers to execute arbitrary SQL commands via the groupboardid parameter. | 7.5 |
2009-12-30 | CVE-2009-4465 | Deluxebb | Permissions, Privileges, and Access Controls vulnerability in Deluxebb 1.3 DeluxeBB 1.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user and configuration information, log data, and gain administrative access via a direct request to scripts in (1) templates/ including (2) templates/deluxe/admincp/, (3) templates/corporate/admincp/, and (4) templates/blue/admincp/; (5) images/; (6) logs/ including (7) logs/cp.php; (8) wysiwyg/; (9) docs/; (10) classes/; (11) lang/; and (12) settings/. | 7.5 |
2009-12-30 | CVE-2009-4457 | Provider4U | Multiple Unspecified vulnerability in Provider4U Vsftpd Webmin Module 1.2A Multiple unspecified vulnerabilities in the Vsftpd Webmin module before 1.3b for the Vsftpd server have unknown impact and attack vectors related to "Some security issues." | 7.5 |
2009-12-30 | CVE-2009-4456 | Greendesktiny | SQL Injection vulnerability in Greendesktiny Green Desktiny 2.3.1 SQL injection vulnerability in news_detail.php in Green Desktiny 2.3.1, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2009-12-29 | CVE-2009-4447 | JAX Scripts | Improper Authentication vulnerability in JAX Scripts JAX Guestbook 3.5.0 Jax Guestbook 3.5.0 allows remote attackers to bypass authentication and modify administrator settings via a direct request to admin/guestbook.admin.php. | 7.5 |
2009-12-28 | CVE-2009-4437 | Activewebsoftwares | SQL Injection vulnerability in Activewebsoftwares Active Auction House 3.6 Multiple SQL injection vulnerabilities in Active Auction House 3.6 allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to wishlist.asp and the (2) linkid parameter to links.asp. | 7.5 |
2009-12-28 | CVE-2009-4436 | Activewebsoftwares | SQL Injection vulnerability in Activewebsoftwares Ewebquiz 8.0 Multiple SQL injection vulnerabilities in Active Web Softwares eWebquiz 8 allow remote attackers to execute arbitrary SQL commands via the QuizID parameter to (1) questions.asp, (2) importquestions.asp, and (3) quiztakers.asp, different vectors than CVE-2007-1706. | 7.5 |
2009-12-28 | CVE-2009-4432 | Codemight | SQL Injection vulnerability in Codemight Videocms 3.1 SQL injection vulnerability in index.php in CodeMight VideoCMS 3.1 allows remote attackers to execute arbitrary SQL commands via the v parameter in a video action. | 7.5 |
2009-12-28 | CVE-2009-4431 | Joomla Anything Digital | Code Injection vulnerability in Anything-Digital COM Jcalpro 1.5.3.6 PHP remote file inclusion vulnerability in cal_popup.php in the Anything Digital Development JCal Pro (aka com_jcalpro or JCP) component 1.5.3.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.5 |
2009-12-28 | CVE-2009-4430 | Virtuemart | SQL Injection vulnerability in Virtuemart 1.0 SQL injection vulnerability in index.php in VirtueMart 1.0 allows remote attackers to execute arbitrary SQL commands via the product_id parameter in a shop.product_details shop.flypage action. | 7.5 |
2009-12-28 | CVE-2009-4428 | Joomplace Joomla | SQL Injection vulnerability in Joomplace COM Joomportfolio 1.0.0 SQL injection vulnerability in the JoomPortfolio (com_joomportfolio) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the secid parameter in a showcat action to index.php. | 7.5 |
2009-12-28 | CVE-2009-4427 | Phpldapadmin Project | Path Traversal vulnerability in PHPldapadmin Project PHPldapadmin 1.1.0.5 Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2009-12-28 | CVE-2009-4424 | Imotta Wordpress | SQL Injection vulnerability in Imotta Pyrmont Plugin 2 SQL injection vulnerability in results.php in the Pyrmont plugin 2 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
57 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-12-31 | CVE-2009-4517 | Nanwich Drupal | Cross-Site Request Forgery (CSRF) vulnerability in Nanwich FAQ ASK Cross-site request forgery (CSRF) vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users for requests that access unpublished content. | 6.8 |
2009-12-31 | CVE-2009-4498 | Zabbix | OS Command Injection vulnerability in Zabbix The node_process_command function in Zabbix Server before 1.8 allows remote attackers to execute arbitrary commands via a crafted request. | 6.8 |
2009-12-29 | CVE-2009-4452 | Kaspersky LAB | Permissions, Privileges, and Access Controls vulnerability in Kaspersky LAB products Kaspersky Anti-Virus 5.0 (5.0.712); Antivirus Personal 5.0.x; Anti-Virus 6.0 (6.0.3.837), 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); and Internet Security 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); use weak permissions (Everyone:Full Control) for the BASES directory, which allows local users to gain SYSTEM privileges by replacing an executable or DLL with a Trojan horse. | 6.8 |
2009-12-29 | CVE-2009-4451 | PHP Html | Unspecified vulnerability in PHP.Html Kandalf Upper 0.1 Unrestricted file upload vulnerability in upper.php in kandalf upper 0.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in fileup/. | 6.8 |
2009-12-28 | CVE-2009-4440 | SUN | Race Condition vulnerability in SUN Java System Directory Server Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly handle multiple client connections within a short time window, which allows remote attackers to hijack the backend connection of an authenticated user, and obtain the privileges of this user, by making a client connection in opportunistic circumstances, related to "long binds," aka Bug Ids 6828462 and 6823593. | 6.8 |
2009-12-28 | CVE-2009-1797 | APC | Cross-Site Request Forgery (CSRF) vulnerability in APC Network Management Card and Switched Rack PDU Multiple cross-site request forgery (CSRF) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to hijack the authentication of (1) administrator or (2) device users for requests that create new administrative users or have unspecified other impact. | 6.8 |
2009-12-28 | CVE-2009-4435 | Compmaster PRV PL | Path Traversal vulnerability in Compmaster.Prv.Pl F3Site 2009 Multiple directory traversal vulnerabilities in F3Site 2009 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the GLOBALS[nlang] parameter to (1) mod/poll.php and (2) mod/new.php. | 6.8 |
2009-12-28 | CVE-2009-4426 | Launchpad | Path Traversal vulnerability in Launchpad Ignition 1.2 Multiple directory traversal vulnerabilities in Ignition 1.2, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. | 6.8 |
2009-12-31 | CVE-2009-4528 | Moshe Weitzman Drupal | Permissions, Privileges, and Access Controls vulnerability in Moshe Weitzman OG Vocab 6.X1.0/6.X1.X The Organic Groups (OG) Vocabulary module 6.x before 6.x-1.0 for Drupal allows remote authenticated group members to bypass intended access restrictions, and create, modify, or read a vocabulary, via unspecified vectors. | 6.5 |
2009-12-29 | CVE-2009-4455 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Adaptive Security Appliance 5500 The default configuration of Cisco ASA 5500 Series Adaptive Security Appliance (Cisco ASA) 7.0, 7.1, 7.2, 8.0, 8.1, and 8.2 allows portal traffic to access arbitrary backend servers, which might allow remote authenticated users to bypass intended access restrictions and access unauthorized web sites via a crafted URL obfuscated with ROT13 and a certain encoding. | 6.5 |
2009-12-29 | CVE-2009-4449 | Mybboard | Path Traversal vulnerability in Mybboard Mybb 1.4.10 Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, when changing the user avatar from the gallery, allows remote authenticated users to determine the existence of files via directory traversal sequences in the avatar and possibly the gallery parameters, related to (1) admin/modules/user/users.php and (2) usercp.php. | 6.5 |
2009-12-28 | CVE-2009-4438 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 9.1/9.5/9.7 The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not enforce privilege requirements for access to a (1) sequence or (2) global-variable object, which allows remote authenticated users to make use of data via unspecified vectors. | 6.5 |
2009-12-29 | CVE-2009-4445 | Microsoft | Improper Input Validation vulnerability in Microsoft Internet Information Services 5.0 Microsoft Internet Information Services (IIS), when used in conjunction with unspecified third-party upload applications, allows remote attackers to create empty files with arbitrary extensions via a filename containing an initial extension followed by a : (colon) and a safe extension, as demonstrated by an upload of a .asp:.jpg file that results in creation of an empty .asp file, related to support for the NTFS Alternate Data Streams (ADS) filename syntax. | 6.0 |
2009-12-29 | CVE-2009-4444 | Microsoft | Unspecified vulnerability in Microsoft Internet Information Services 5.0/6.0 Microsoft Internet Information Services (IIS) 5.x and 6.x uses only the portion of a filename before a ; (semicolon) character to determine the file extension, which allows remote attackers to bypass intended extension restrictions of third-party upload applications via a filename with a (1) .asp, (2) .cer, or (3) .asa first extension, followed by a semicolon and a safe extension, as demonstrated by the use of asp.dll to handle a .asp;.jpg file. | 6.0 |
2009-12-31 | CVE-2009-4512 | Indymedia | Path Traversal vulnerability in Indymedia Oscailt 3.3 Directory traversal vulnerability in index.php in Oscailt 3.3, when Use Friendly URL's is disabled, allows remote attackers to include and execute arbitrary local files via a .. | 5.1 |
2009-12-31 | CVE-2009-4533 | Nathan Haug Drupal | Information Exposure vulnerability in Nathan Haug Webform The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, does not prevent caching of a page that contains token placeholders for a default value, which allows remote attackers to read session variables via unspecified vectors. | 5.0 |
2009-12-31 | CVE-2009-4530 | Sergey Lyubka | Information Exposure vulnerability in Sergey Lyubka Mongoose 2.4 Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending ::$DATA to the URI. | 5.0 |
2009-12-31 | CVE-2009-4526 | Joao Ventura Drupal | Permissions, Privileges, and Access Controls vulnerability in Joao Ventura Print The Send by e-mail sub-module in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.9 and 6.x before 6.x-1.9, a module for Drupal, does not properly enforce privilege requirements, which allows remote attackers to read page titles by requesting a "Send to friend" form. | 5.0 |
2009-12-31 | CVE-2009-4520 | Kristof DE Jaeger Drupal | Permissions, Privileges, and Access Controls vulnerability in Kristof DE Jaeger Commentreference The CCK Comment Reference module 5.x before 5.x-1.2 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to bypass intended access restrictions and read comments by using the autocomplete path. | 5.0 |
2009-12-31 | CVE-2009-4515 | Speedtech Drupal | Permissions, Privileges, and Access Controls vulnerability in Speedtech Storm The Storm module 6.x before 6.x-1.25 for Drupal does not enforce privilege requirements for storminvoiceitem nodes, which allows remote attackers to read node titles via unspecified vectors. | 5.0 |
2009-12-31 | CVE-2009-4501 | Zabbix | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Zabbix The zbx_get_next_field function in libs/zbxcommon/str.c in Zabbix Server before 1.6.8 allows remote attackers to cause a denial of service (crash) via a request that lacks expected separators, which triggers a NULL pointer dereference, as demonstrated using the Command keyword. | 5.0 |
2009-12-31 | CVE-2009-4500 | Zabbix | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Zabbix The process_trap function in trapper/trapper.c in Zabbix Server before 1.6.6 allows remote attackers to cause a denial of service (crash) via a crafted request with data that lacks an expected : (colon) separator, which triggers a NULL pointer dereference. | 5.0 |
2009-12-30 | CVE-2009-4483 | Mailsite | Denial-Of-Service vulnerability in Mailsite 8.0.4 Unspecified vulnerability in LDAP3A.exe in MailSite 8.0.4 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.13 through 8.11. | 5.0 |
2009-12-30 | CVE-2009-4466 | Deluxebb | Information Exposure vulnerability in Deluxebb 1.3 DeluxeBB 1.3 allows remote attackers to obtain sensitive information via a crafted page parameter to misc.php, which reveals the installation path in an error message. | 5.0 |
2009-12-29 | CVE-2009-4448 | Mybboard | Resource Management Errors vulnerability in Mybboard Mybb 1.4.10 inc/functions_time.php in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, allows remote attackers to cause a denial of service (CPU consumption) via a crafted request with a large year value, which triggers a long loop, as reachable through member.php and possibly other vectors. | 5.0 |
2009-12-29 | CVE-2009-3295 | MIT | Denial Of Service vulnerability in MIT Kerberos 5 1.7 The prep_reprocess_req function in kdc/do_tgs_req.c in the cross-realm referral implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a ticket request. | 5.0 |
2009-12-28 | CVE-2009-4442 | SUN | Configuration vulnerability in SUN Java System Directory Server Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly implement the max-client-connections configuration setting, which allows remote attackers to cause a denial of service (connection slot exhaustion) by making multiple connections and performing no operations on these connections, aka Bug Id 6648665. | 5.0 |
2009-12-28 | CVE-2009-4441 | SUN | Denial-Of-Service vulnerability in Java System Directory Server Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not enable the SO_KEEPALIVE socket option, which makes it easier for remote attackers to cause a denial of service (connection slot exhaustion) via multiple connections, aka Bug Id 6782659. | 5.0 |
2009-12-28 | CVE-2009-4007 | Openttd | Remote Denial of Service vulnerability in OpenTTD Unspecified vulnerability in the NormaliseTrainConsist function in src/train_cmd.cpp in OpenTTD before 0.7.5-RC1 allows remote attackers to cause a denial of service (daemon crash) via certain game actions involving a wagon and a dual-headed engine. | 5.0 |
2009-12-28 | CVE-2009-4434 | Idevspot | Path Traversal vulnerability in Idevspot Isupport Directory traversal vulnerability in index.php in IDevSpot iSupport 1.8 and earlier allows remote attackers to read arbitrary files via a .. | 5.0 |
2009-12-31 | CVE-2009-4527 | Niif Drupal | Permissions, Privileges, and Access Controls vulnerability in Niif Shib Auth The Shibboleth authentication module 5.x before 5.x-3.4 and 6.x before 6.x-3.2, a module for Drupal, does not properly remove statically granted privileges after a logout or other session change, which allows physically proximate attackers to gain privileges by using an unattended web browser. | 4.6 |
2009-12-31 | CVE-2009-4534 | Nanwich Drupal | Cross-Site Scripting vulnerability in Drupal FAQ Ask Open redirect vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 4.3 |
2009-12-31 | CVE-2009-4525 | Joao Ventura Drupal | Cross-Site Scripting vulnerability in Joao Ventura Print Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.9 and 6.x before 6.x-1.9, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via crafted data in a list of links. | 4.3 |
2009-12-31 | CVE-2009-4524 | Nancy Wichmann Drupal | Cross-Site Scripting vulnerability in Nancy Wichmann Realname 6.X1.0/6.X1.1/6.X1.2 Cross-site scripting (XSS) vulnerability in the RealName module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a realname (aka real name) element. | 4.3 |
2009-12-31 | CVE-2009-4523 | Zainu | Cross-Site Scripting vulnerability in Zainu 1.0 Cross-site scripting (XSS) vulnerability in index.php in Zainu 1.0 allows remote attackers to inject arbitrary web script or HTML via the searchSongKeyword parameter in a SearchSong action. | 4.3 |
2009-12-31 | CVE-2009-4522 | Bloofox | Cross-Site Scripting vulnerability in Bloofox Bloofoxcms 0.3.5 Cross-site scripting (XSS) vulnerability in search.5.html in BloofoxCMS 0.3.5 allows remote attackers to inject arbitrary web script or HTML via the search parameter to index.php. | 4.3 |
2009-12-31 | CVE-2009-4521 | Eclipse | Cross-Site Scripting vulnerability in Eclipse Birt Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter. | 4.3 |
2009-12-31 | CVE-2009-4518 | Mark Burton Drupal | Cross-Site Scripting vulnerability in Mark Burton Insertnode 5.X1.1/5.X1.X Cross-site scripting (XSS) vulnerability in the Insert Node module 5.x before 5.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via an inserted node. | 4.3 |
2009-12-31 | CVE-2009-4516 | Nanwich Drupal | Cross-Site Scripting vulnerability in Nanwich FAQ ASK Cross-site scripting (XSS) vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-12-30 | CVE-2008-7250 | Pedro Lineu Orso | Cross-Site Scripting vulnerability in Pedro Lineu Orso Sarg 2.2.4 Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.4 allows remote attackers to inject arbitrary web script or HTML via a JavaScript onload event in the User-Agent header, which is not properly handled when displaying the Squid proxy log. | 4.3 |
2009-12-30 | CVE-2009-4478 | Xstate | Cross-Site Scripting vulnerability in Xstate Real Estate 1.0 Multiple cross-site scripting (XSS) vulnerabilities in Xstate Real Estate 1.0 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) home.html or (2) lands.html. | 4.3 |
2009-12-30 | CVE-2009-4473 | Ektron | Cross-Site Scripting vulnerability in Ektron Cms4000.Net Multiple cross-site scripting (XSS) vulnerabilities in WorkArea/ContentDesigner/ekformsiframe.aspx in Ektron CMS400.NET 7.6.1.53 and 7.6.6.47, and possibly 7.52 through 7.66sp2, allow remote attackers to inject arbitrary web script or HTML via the (1) css, (2) eca, (3) id, and (4) skin parameters. | 4.3 |
2009-12-30 | CVE-2009-4469 | Giombetti | Cross-Site Scripting vulnerability in Giombetti PHPpowercards 2.0 Multiple cross-site scripting (XSS) vulnerabilities in pagenumber.inc.php in phpPowerCards 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, the (2) archiv parameter, and the (3) subcat parameter. | 4.3 |
2009-12-30 | CVE-2009-4468 | Deluxebb | Cross-Site Scripting vulnerability in Deluxebb 1.3 Cross-site scripting (XSS) vulnerability in misc.php in DeluxeBB 1.3 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | 4.3 |
2009-12-30 | CVE-2009-4464 | Activewebsoftwares | Cross-Site Scripting vulnerability in Activewebsoftwares Active Business Directory 2.0 Cross-site scripting (XSS) vulnerability in searchadvance.asp in Active Business Directory 2 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | 4.3 |
2009-12-30 | CVE-2009-4461 | Flatpress | Cross-Site Scripting vulnerability in Flatpress 0.909 Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.909 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) contact.php, (2) login.php, and (3) search.php. | 4.3 |
2009-12-30 | CVE-2009-4460 | Ljscripts | Cross-Site Scripting vulnerability in Ljscripts Auto-Surf Traffic Exchange Script 1.1 Multiple cross-site scripting (XSS) vulnerabilities in Auto-Surf Traffic Exchange Script 1.1 allow remote attackers to inject arbitrary web script or HTML via the rid parameter to (1) index.php, (2) faq.php, and (3) register.php. | 4.3 |
2009-12-30 | CVE-2009-4459 | Redmine | Cross-Site Scripting vulnerability in Redmine Redmine 0.8.7 and earlier uses the title tag before defining the character encoding in a meta tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks and inject arbitrary script via UTF-7 encoded values in the title parameter to a new issue page, which may be interpreted as script by Internet Explorer 7 and 8. | 4.3 |
2009-12-30 | CVE-2009-4458 | Freepbx | Cross-Site Scripting vulnerability in Freepbx 2.5.2/2.6.0 Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.2 and 2.6.0rc2, and possibly other versions, allow remote attackers to inject arbitrary web script or HTML via the (1) tech parameter to admin/admin/config.php during a trunks display action, the (2) description parameter during an Add Zap Channel action, and (3) unspecified vectors during an Add Recordings action. | 4.3 |
2009-12-29 | CVE-2009-4450 | Livezilla | Cross-Site Scripting vulnerability in Livezilla 3.1.8.3 Multiple cross-site scripting (XSS) vulnerabilities in map.php in LiveZilla 3.1.8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) lat, (2) lng, and (3) zom parameters, which are not properly handled when processed with templates/map.tpl. | 4.3 |
2009-12-29 | CVE-2009-4446 | Ikemcg | Cross-Site Scripting vulnerability in Ikemcg PHPinstantgallery 1.1 Cross-site scripting (XSS) vulnerability in admin.php in phpInstantGallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | 4.3 |
2009-12-28 | CVE-2009-4443 | SUN | Denial-Of-Service vulnerability in Java System Directory Server Unspecified vulnerability in the psearch (aka persistent search) functionality in Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 allows remote attackers to cause a denial of service (psearch outage) by using a crafted psearch client to send requests that trigger a psearch thread loop, aka Bug Id 6855978. | 4.3 |
2009-12-28 | CVE-2009-1798 | APC | Cross-Site Scripting vulnerability in APC Network Management Card and Switched Rack PDU Multiple cross-site scripting (XSS) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-12-28 | CVE-2009-4433 | Idevspot | Cross-Site Scripting vulnerability in Idevspot Isupport Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot iSupport 1.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (a) 5 or (b) 9 field in a post action to ticket_function.php, reachable through ticket_submit.php and index.php; (c) the which parameter to function.php, or (d) the which parameter to index.php, related to knowledgebase_list.php. | 4.3 |
2009-12-28 | CVE-2009-4425 | Idevspot | Cross-Site Scripting vulnerability in Idevspot Idevcart 1.09 Cross-site scripting (XSS) vulnerability in index.php in iDevCart 1.09 allows remote attackers to inject arbitrary web script or HTML via the SEARCH parameter in a browse action. | 4.3 |
2009-12-30 | CVE-2009-4467 | Deluxebb | Improper Input Validation vulnerability in Deluxebb 1.3 misc.php in DeluxeBB 1.3 allows remote attackers to register accounts without a valid email address via a valemail action with the valmem set to a pre-assigned user ID, which is visible from a memberlist action. | 4.0 |
2009-12-28 | CVE-2009-4439 | IBM | Denial-Of-Service vulnerability in IBM DB2 9.5 Unspecified vulnerability in the Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (instance crash) by compiling a SQL query. | 4.0 |
5 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-12-31 | CVE-2009-4532 | Nathan Haug Drupal | Cross-Site Scripting vulnerability in Nathan Haug Webform Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, allows remote authenticated users, with webform creation privileges, to inject arbitrary web script or HTML via a field label. | 3.5 |
2009-12-31 | CVE-2009-4514 | Astha Bhatnagar Drupal | Cross-Site Scripting vulnerability in Astha Bhatnagar Shindigintegrator 5/6.X1.Xdev/6.X2.0Alpha1 Cross-site scripting (XSS) vulnerability in the OpenSocial Shindig-Integrator module 5.x and 6.x before 6.x-2.1, a module for Drupal, allows remote authenticated users, with "create application" privileges, to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2009-12-31 | CVE-2009-4513 | John Vandyk Drupal | Cross-Site Scripting vulnerability in John Vandyk Workflow Multiple cross-site scripting (XSS) vulnerabilities in the Workflow module 5.x before 5.x-2.4 and 6.x before 6.x-1.2, a module for Drupal, allow remote authenticated users, with "administer workflow" privileges, to inject arbitrary web script or HTML via the name of a (1) workflow or (2) workflow state. | 3.5 |
2009-12-28 | CVE-2009-4429 | Alexander Hass Drupal | Cross-Site Scripting vulnerability in Alexander Hass Sections Module Cross-site scripting (XSS) vulnerability in the Sections module 5.x before 5.x-1.3 and 6.x before 6.x-1.3 for Drupal allows remote authenticated users with "administer sections" privileges to inject arbitrary web script or HTML via a section name (aka the Name field). | 3.5 |
2009-12-29 | CVE-2009-4454 | Saini | Link Following vulnerability in Saini Videocache 1.9.2 vccleaner in VideoCache 1.9.2 allows local users with Squid proxy user privileges to overwrite arbitrary files via a symlink attack on /var/log/videocache/vccleaner.log. | 3.3 |