Weekly Vulnerabilities Report: December 28, 2009 to January 3, 2010

Overview

95 new vulnerabilities were reported during this period, including 8 critical vulnerabilities and 22 high severity vulnerabilities. This weekly summary reports vulnerabilities in 91 products from 77 vendors including Drupal, Zabbix, SUN, Deluxebb, and Joomla. The vulnerabilities notably fall into the categories "Cross-site Scripting", "SQL Injection", "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Information Exposure".

  • 92 reported vulnerabilities are remotely exploitable.
  • 32 reported vulnerabilities have a public exploit available.
  • 47 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 82 reported vulnerabilities are exploitable by an anonymous user.
  • Drupal has the most reported vulnerabilities, with 16 reported vulnerabilities.
  • Intellicom has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:

8 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-12-31 CVE-2009-4519 Ortro Unspecified vulnerability in Ortro

Multiple unspecified vulnerabilities in Ortro before 1.3.4 have unknown impact and attack vectors.

10.0
2009-12-30 CVE-2009-4482 Tversity Buffer Errors vulnerability in Tversity 1.6

Buffer overflow in MediaServer.exe in TVersity 1.6 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by the vd_tversity module in VulnDisco Pack Professional 8.11.

10.0
2009-12-30 CVE-2009-4476 Hauri Buffer Errors vulnerability in Hauri Virobot Desktop 5.5

Stack-based buffer overflow in HAURI ViRobot Desktop 5.5 before 2009-09-28.00 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.15 through 8.11.

10.0
2009-12-30 CVE-2009-4463 Intellicom Credentials Management vulnerability in Intellicom products

Intellicom NetBiter WebSCADA devices use default passwords for the HICP network configuration service, which makes it easier for remote attackers to modify network settings and cause a denial of service.

10.0
2009-12-30 CVE-2009-4462 Intellicom Buffer Errors vulnerability in Intellicom Netbiterconfig 1.3.0

Stack-based buffer overflow in the NetBiterConfig utility (NetBiterConfig.exe) 1.3.0 for Intellicom NetBiter WebSCADA allows remote attackers to execute arbitrary code via a long hn (hostname) parameter in a crafted HICP-protocol UDP packet.

10.0
2009-12-31 CVE-2009-4502 Zabbix / Freebsd / SUN Permissions, Privileges, and Access Controls vulnerability in Zabbix

The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to net.tcp.listen.

9.3
2009-12-30 CVE-2008-7249 Pedro Lineu Orso Buffer Errors vulnerability in Pedro Lineu Orso Sarg 2.2.4

Buffer overflow in Squid Analysis Report Generator (Sarg) 2.2.3.1, and probably later, allows user-assisted remote attackers to execute arbitrary code via a long HTTP request method in a crafted access.log file, a different vulnerability than CVE-2008-1167.

9.3
2009-12-30 CVE-2009-4480 Azeotech Buffer Errors vulnerability in Azeotech Daqfactory 5.77

Buffer overflow in the web service in AzeoTech DAQFactory 5.77 might allow remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.16 through 8.11.

9.3

22 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-12-29 CVE-2009-4453 Softcab Unspecified vulnerability in Softcab Sound Converter Activex 1.2

Insecure method vulnerability in SoftCab Sound Converter ActiveX control (sndConverter.ocx) 1.2 allows remote attackers to create or overwrite arbitrary files via the SaveFormat method.

8.8
2009-12-30 CVE-2009-4479 Mailsite Resource Management Errors vulnerability in Mailsite 8.0.4

LDAP3A.exe in MailSite 8.0.4 allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.13 through 8.11.

7.8
2009-12-31 CVE-2009-4499 Zabbix SQL Injection vulnerability in Zabbix

SQL injection vulnerability in the get_history_lastid function in the nodewatcher component in Zabbix Server before 1.6.8 allows remote attackers to execute arbitrary SQL commands via a crafted request, possibly related to the send_history_last_id function in zabbix_server/trapper/nodehistory.c.

7.5
2009-12-30 CVE-2009-4484 Oracle / Wolfssl / Canonical / Debian Out-Of-Bounds Write vulnerability in multiple products

Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field, as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11.

7.5
2009-12-30 CVE-2009-4477 Xstate SQL Injection vulnerability in Xstate Real Estate 1.0

SQL injection vulnerability in page.html in Xstate Real Estate 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.

7.5
2009-12-30 CVE-2009-4475 Joomlub / Joomla SQL Injection vulnerability in Joomlub COM Joomlub

SQL injection vulnerability in the Joomlub (com_joomlub) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an auction edit action to index.php.

7.5
2009-12-30 CVE-2009-4474 Mikedeboer / Mambo Foundation SQL Injection vulnerability in Mikedeboer COM Zoom 2.0

SQL injection vulnerability in the Mike de Boer zoom (com_zoom) component 2.0 for Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.

7.5
2009-12-30 CVE-2009-4472 Phpope Code Injection vulnerability in PHPope

Multiple PHP remote file inclusion vulnerabilities in PHPope 1.0.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[config][dir][plugins] parameter to plugins/address/admin/index.php, (2) GLOBALS[config][dir][functions] parameter to plugins/im/compose.php, and (3) GLOBALS[config][dir][classes] parameter to plugins/cssedit/admin/index.php.

7.5
2009-12-30 CVE-2009-4471 Freeschool Code Injection vulnerability in Freeschool

Multiple PHP remote file inclusion vulnerabilities in FreeSchool 1.1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CLASSPATH parameter to (1) bib_form.php, (2) bib_pldetails.php, (3) bib_plform.php, (4) bib_plsearchc.php, (5) bib_plsearchs.php, (6) bib_save.php, (7) bib_searchc.php, (8) bib_searchs.php, (9) edi_form.php, (10) edi_save.php, (11) gen_form.php, (12) gen_save.php, (13) lin_form.php, (14) lin_save.php, (15) luo_form.php, (16) luo_save.php, (17) sog_form.php, or (18) sog_save.php in biblioteca/; (19) cal_insert.php, (20) cal_save.php, or (21) cal_saveactivity.php in calendario/; (22) circolari/cir_save.php; or (23) modulistica/mdl_save.php.

7.5
2009-12-30 CVE-2009-4470 Dvbbs SQL Injection vulnerability in Dvbbs 2.0

SQL injection vulnerability in boardrule.php in DVBBS 2.0 allows remote attackers to execute arbitrary SQL commands via the groupboardid parameter.

7.5
2009-12-30 CVE-2009-4465 Deluxebb Permissions, Privileges, and Access Controls vulnerability in Deluxebb 1.3

DeluxeBB 1.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user and configuration information, log data, and gain administrative access via a direct request to scripts in (1) templates/ including (2) templates/deluxe/admincp/, (3) templates/corporate/admincp/, and (4) templates/blue/admincp/; (5) images/; (6) logs/ including (7) logs/cp.php; (8) wysiwyg/; (9) docs/; (10) classes/; (11) lang/; and (12) settings/.

7.5
2009-12-30 CVE-2009-4457 Provider4U Multiple Unspecified vulnerability in Provider4U Vsftpd Webmin Module 1.2A

Multiple unspecified vulnerabilities in the Vsftpd Webmin module before 1.3b for the Vsftpd server have unknown impact and attack vectors related to "Some security issues."

7.5
2009-12-30 CVE-2009-4456 Greendesktiny SQL Injection vulnerability in Greendesktiny Green Desktiny 2.3.1

SQL injection vulnerability in news_detail.php in Green Desktiny 2.3.1, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2009-12-29 CVE-2009-4447 JAX Scripts Improper Authentication vulnerability in JAX Scripts JAX Guestbook 3.5.0

Jax Guestbook 3.5.0 allows remote attackers to bypass authentication and modify administrator settings via a direct request to admin/guestbook.admin.php.

7.5
2009-12-28 CVE-2009-4437 Activewebsoftwares SQL Injection vulnerability in Activewebsoftwares Active Auction House 3.6

Multiple SQL injection vulnerabilities in Active Auction House 3.6 allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to wishlist.asp and the (2) linkid parameter to links.asp.

7.5
2009-12-28 CVE-2009-4436 Activewebsoftwares SQL Injection vulnerability in Activewebsoftwares Ewebquiz 8.0

Multiple SQL injection vulnerabilities in Active Web Softwares eWebquiz 8 allow remote attackers to execute arbitrary SQL commands via the QuizID parameter to (1) questions.asp, (2) importquestions.asp, and (3) quiztakers.asp, different vectors than CVE-2007-1706.

7.5
2009-12-28 CVE-2009-4432 Codemight SQL Injection vulnerability in Codemight Videocms 3.1

SQL injection vulnerability in index.php in CodeMight VideoCMS 3.1 allows remote attackers to execute arbitrary SQL commands via the v parameter in a video action.

7.5
2009-12-28 CVE-2009-4431 Joomla / Anything Digital Code Injection vulnerability in Anything-Digital COM Jcalpro 1.5.3.6

PHP remote file inclusion vulnerability in cal_popup.php in the Anything Digital Development JCal Pro (aka com_jcalpro or JCP) component 1.5.3.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

7.5
2009-12-28 CVE-2009-4430 Virtuemart SQL Injection vulnerability in Virtuemart 1.0

SQL injection vulnerability in index.php in VirtueMart 1.0 allows remote attackers to execute arbitrary SQL commands via the product_id parameter in a shop.product_details shop.flypage action.

7.5
2009-12-28 CVE-2009-4428 Joomplace / Joomla SQL Injection vulnerability in Joomplace COM Joomportfolio 1.0.0

SQL injection vulnerability in the JoomPortfolio (com_joomportfolio) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the secid parameter in a showcat action to index.php.

7.5
2009-12-28 CVE-2009-4427 Phpldapadmin Project Path Traversal vulnerability in PHPldapadmin Project PHPldapadmin 1.1.0.5

Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 allows remote attackers to include and execute arbitrary local files via a ..

7.5
2009-12-28 CVE-2009-4424 Imotta / Wordpress SQL Injection vulnerability in Imotta Pyrmont Plugin 2

SQL injection vulnerability in results.php in the Pyrmont plugin 2 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5

60 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-12-31 CVE-2009-4517 Nanwich / Drupal Cross-Site Request Forgery (CSRF) vulnerability in Nanwich FAQ ASK

Cross-site request forgery (CSRF) vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users for requests that access unpublished content.

6.8
2009-12-31 CVE-2009-4498 Zabbix OS Command Injection vulnerability in Zabbix

The node_process_command function in Zabbix Server before 1.8 allows remote attackers to execute arbitrary commands via a crafted request.

6.8
2009-12-29 CVE-2009-4452 Kaspersky LAB Permissions, Privileges, and Access Controls vulnerability in Kaspersky LAB products

Kaspersky Anti-Virus 5.0 (5.0.712); Antivirus Personal 5.0.x; Anti-Virus 6.0 (6.0.3.837), 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); and Internet Security 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); use weak permissions (Everyone:Full Control) for the BASES directory, which allows local users to gain SYSTEM privileges by replacing an executable or DLL with a Trojan horse.

6.8
2009-12-29 CVE-2009-4451 PHP Html Unspecified vulnerability in PHP.Html Kandalf Upper 0.1

Unrestricted file upload vulnerability in upper.php in kandalf upper 0.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in fileup/.

6.8
2009-12-28 CVE-2009-4440 SUN Race Condition vulnerability in SUN Java System Directory Server

Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly handle multiple client connections within a short time window, which allows remote attackers to hijack the backend connection of an authenticated user, and obtain the privileges of this user, by making a client connection in opportunistic circumstances, related to "long binds," aka Bug Ids 6828462 and 6823593.

6.8
2009-12-28 CVE-2009-1797 APC Cross-Site Request Forgery (CSRF) vulnerability in APC Network Management Card and Switched Rack PDU

Multiple cross-site request forgery (CSRF) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to hijack the authentication of (1) administrator or (2) device users for requests that create new administrative users or have unspecified other impact.

6.8
2009-12-28 CVE-2009-4435 Compmaster PRV PL Path Traversal vulnerability in Compmaster.Prv.Pl F3Site 2009

Multiple directory traversal vulnerabilities in F3Site 2009 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the GLOBALS[nlang] parameter to (1) mod/poll.php and (2) mod/new.php.

6.8
2009-12-28 CVE-2009-4426 Launchpad Path Traversal vulnerability in Launchpad Ignition 1.2

Multiple directory traversal vulnerabilities in Ignition 1.2, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a ..

6.8
2009-12-31 CVE-2009-4528 Moshe Weitzman / Drupal Permissions, Privileges, and Access Controls vulnerability in Moshe Weitzman OG Vocab 6.X1.0/6.X1.X

The Organic Groups (OG) Vocabulary module 6.x before 6.x-1.0 for Drupal allows remote authenticated group members to bypass intended access restrictions, and create, modify, or read a vocabulary, via unspecified vectors.

6.5
2009-12-29 CVE-2009-4455 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Adaptive Security Appliance 5500

The default configuration of Cisco ASA 5500 Series Adaptive Security Appliance (Cisco ASA) 7.0, 7.1, 7.2, 8.0, 8.1, and 8.2 allows portal traffic to access arbitrary backend servers, which might allow remote authenticated users to bypass intended access restrictions and access unauthorized web sites via a crafted URL obfuscated with ROT13 and a certain encoding.

6.5
2009-12-28 CVE-2009-4438 IBM Permissions, Privileges, and Access Controls vulnerability in IBM DB2 9.1/9.5/9.7

The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not enforce privilege requirements for access to a (1) sequence or (2) global-variable object, which allows remote authenticated users to make use of data via unspecified vectors.

6.5
2009-12-29 CVE-2009-4449 Mybboard Path Traversal vulnerability in Mybboard Mybb 1.4.10

Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, when changing the user avatar from the gallery, allows remote authenticated users to determine the existence of files via directory traversal sequences in the avatar and possibly the gallery parameters, related to (1) admin/modules/user/users.php and (2) usercp.php.

6.3
2009-12-29 CVE-2009-4445 Microsoft Improper Input Validation vulnerability in Microsoft Internet Information Services 5.0

Microsoft Internet Information Services (IIS), when used in conjunction with unspecified third-party upload applications, allows remote attackers to create empty files with arbitrary extensions via a filename containing an initial extension followed by a : (colon) and a safe extension, as demonstrated by an upload of a .asp:.jpg file that results in creation of an empty .asp file, related to support for the NTFS Alternate Data Streams (ADS) filename syntax.

6.0
2009-12-29 CVE-2009-4444 Microsoft Unspecified vulnerability in Microsoft Internet Information Services 5.0/6.0

Microsoft Internet Information Services (IIS) 5.x and 6.x uses only the portion of a filename before a ; (semicolon) character to determine the file extension, which allows remote attackers to bypass intended extension restrictions of third-party upload applications via a filename with a (1) .asp, (2) .cer, or (3) .asa first extension, followed by a semicolon and a safe extension, as demonstrated by the use of asp.dll to handle a .asp;.jpg file.

6.0
2009-12-31 CVE-2009-4512 Indymedia Path Traversal vulnerability in Indymedia Oscailt 3.3

Directory traversal vulnerability in index.php in Oscailt 3.3, when Use Friendly URL's is disabled, allows remote attackers to include and execute arbitrary local files via a ..

5.1
2009-12-31 CVE-2009-4535 Valenok Information Exposure vulnerability in Valenok Mongoose

Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending a / (slash) character to the URI.

5.0
2009-12-31 CVE-2009-4533 Nathan Haug / Drupal Information Exposure vulnerability in Nathan Haug Webform

The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, does not prevent caching of a page that contains token placeholders for a default value, which allows remote attackers to read session variables via unspecified vectors.

5.0
2009-12-31 CVE-2009-4531 Jasper Information Exposure vulnerability in Jasper Httpdx 1.4/1.4.3

httpdx 1.4.4 and earlier allows remote attackers to obtain the source code for a web page by appending a .

5.0
2009-12-31 CVE-2009-4530 Sergey Lyubka Information Exposure vulnerability in Sergey Lyubka Mongoose 2.4

Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending ::$DATA to the URI.

5.0
2009-12-31 CVE-2009-4529 Intervations Information Exposure vulnerability in Intervations Navicopa web Server 2.01/3.01

InterVations NaviCOPA Web Server 3.0.1.2 and earlier allows remote attackers to obtain the source code for a web page via a trailing encoded space character in a URI, as demonstrated by /index.html%20 and /index.php%20 URIs.

5.0
2009-12-31 CVE-2009-4526 Joao Ventura / Drupal Permissions, Privileges, and Access Controls vulnerability in Joao Ventura Print

The Send by e-mail sub-module in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.9 and 6.x before 6.x-1.9, a module for Drupal, does not properly enforce privilege requirements, which allows remote attackers to read page titles by requesting a "Send to friend" form.

5.0
2009-12-31 CVE-2009-4520 Kristof DE Jaeger / Drupal Permissions, Privileges, and Access Controls vulnerability in Kristof DE Jaeger Commentreference

The CCK Comment Reference module 5.x before 5.x-1.2 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to bypass intended access restrictions and read comments by using the autocomplete path.

5.0
2009-12-31 CVE-2009-4515 Speedtech / Drupal Permissions, Privileges, and Access Controls vulnerability in Speedtech Storm

The Storm module 6.x before 6.x-1.25 for Drupal does not enforce privilege requirements for storminvoiceitem nodes, which allows remote attackers to read node titles via unspecified vectors.

5.0
2009-12-31 CVE-2009-4501 Zabbix Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Zabbix

The zbx_get_next_field function in libs/zbxcommon/str.c in Zabbix Server before 1.6.8 allows remote attackers to cause a denial of service (crash) via a request that lacks expected separators, which triggers a NULL pointer dereference, as demonstrated using the Command keyword.

5.0
2009-12-31 CVE-2009-4500 Zabbix Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Zabbix

The process_trap function in trapper/trapper.c in Zabbix Server before 1.6.6 allows remote attackers to cause a denial of service (crash) via a crafted request with data that lacks an expected : (colon) separator, which triggers a NULL pointer dereference.

5.0
2009-12-30 CVE-2009-4483 Mailsite Denial-Of-Service vulnerability in Mailsite 8.0.4

Unspecified vulnerability in LDAP3A.exe in MailSite 8.0.4 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.13 through 8.11.

5.0
2009-12-30 CVE-2009-4466 Deluxebb Information Exposure vulnerability in Deluxebb 1.3

DeluxeBB 1.3 allows remote attackers to obtain sensitive information via a crafted page parameter to misc.php, which reveals the installation path in an error message.

5.0
2009-12-29 CVE-2009-4448 Mybboard Resource Management Errors vulnerability in Mybboard Mybb 1.4.10

inc/functions_time.php in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, allows remote attackers to cause a denial of service (CPU consumption) via a crafted request with a large year value, which triggers a long loop, as reachable through member.php and possibly other vectors.

5.0
2009-12-29 CVE-2009-3295 MIT Denial Of Service vulnerability in MIT Kerberos 5 1.7

The prep_reprocess_req function in kdc/do_tgs_req.c in the cross-realm referral implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a ticket request.

5.0
2009-12-28 CVE-2009-4442 SUN Configuration vulnerability in SUN Java System Directory Server

Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly implement the max-client-connections configuration setting, which allows remote attackers to cause a denial of service (connection slot exhaustion) by making multiple connections and performing no operations on these connections, aka Bug Id 6648665.

5.0
2009-12-28 CVE-2009-4441 SUN Denial-Of-Service vulnerability in Java System Directory Server

Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not enable the SO_KEEPALIVE socket option, which makes it easier for remote attackers to cause a denial of service (connection slot exhaustion) via multiple connections, aka Bug Id 6782659.

5.0
2009-12-28 CVE-2009-4007 Openttd Remote Denial of Service vulnerability in OpenTTD

Unspecified vulnerability in the NormaliseTrainConsist function in src/train_cmd.cpp in OpenTTD before 0.7.5-RC1 allows remote attackers to cause a denial of service (daemon crash) via certain game actions involving a wagon and a dual-headed engine.

5.0
2009-12-28 CVE-2009-4434 Idevspot Path Traversal vulnerability in Idevspot Isupport

Directory traversal vulnerability in index.php in IDevSpot iSupport 1.8 and earlier allows remote attackers to read arbitrary files via a ..

5.0
2009-12-31 CVE-2009-4527 Niif / Drupal Permissions, Privileges, and Access Controls vulnerability in Niif Shib Auth

The Shibboleth authentication module 5.x before 5.x-3.4 and 6.x before 6.x-3.2, a module for Drupal, does not properly remove statically granted privileges after a logout or other session change, which allows physically proximate attackers to gain privileges by using an unattended web browser.

4.6
2009-12-31 CVE-2009-4534 Nanwich / Drupal Cross-Site Scripting vulnerability in Drupal FAQ Ask

Open redirect vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

4.3
2009-12-31 CVE-2009-4525 Joao Ventura / Drupal Cross-Site Scripting vulnerability in Joao Ventura Print

Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.9 and 6.x before 6.x-1.9, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via crafted data in a list of links.

4.3
2009-12-31 CVE-2009-4524 Nancy Wichmann / Drupal Cross-Site Scripting vulnerability in Nancy Wichmann Realname 6.X1.0/6.X1.1/6.X1.2

Cross-site scripting (XSS) vulnerability in the RealName module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a realname (aka real name) element.

4.3
2009-12-31 CVE-2009-4523 Zainu Cross-Site Scripting vulnerability in Zainu 1.0

Cross-site scripting (XSS) vulnerability in index.php in Zainu 1.0 allows remote attackers to inject arbitrary web script or HTML via the searchSongKeyword parameter in a SearchSong action.

4.3
2009-12-31 CVE-2009-4522 Bloofox Cross-Site Scripting vulnerability in Bloofox Bloofoxcms 0.3.5

Cross-site scripting (XSS) vulnerability in search.5.html in BloofoxCMS 0.3.5 allows remote attackers to inject arbitrary web script or HTML via the search parameter to index.php.

4.3
2009-12-31 CVE-2009-4521 Eclipse Cross-Site Scripting vulnerability in Eclipse Birt

Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.

4.3
2009-12-31 CVE-2009-4518 Mark Burton / Drupal Cross-Site Scripting vulnerability in Mark Burton Insertnode 5.X1.1/5.X1.X

Cross-site scripting (XSS) vulnerability in the Insert Node module 5.x before 5.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via an inserted node.

4.3
2009-12-31 CVE-2009-4516 Nanwich / Drupal Cross-Site Scripting vulnerability in Nanwich FAQ ASK

Cross-site scripting (XSS) vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-12-30 CVE-2008-7250 Pedro Lineu Orso Cross-Site Scripting vulnerability in Pedro Lineu Orso Sarg 2.2.4

Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.4 allows remote attackers to inject arbitrary web script or HTML via a JavaScript onload event in the User-Agent header, which is not properly handled when displaying the Squid proxy log.

4.3
2009-12-30 CVE-2009-4478 Xstate Cross-Site Scripting vulnerability in Xstate Real Estate 1.0

Multiple cross-site scripting (XSS) vulnerabilities in Xstate Real Estate 1.0 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) home.html or (2) lands.html.

4.3
2009-12-30 CVE-2009-4473 Ektron Cross-Site Scripting vulnerability in Ektron Cms4000.Net

Multiple cross-site scripting (XSS) vulnerabilities in WorkArea/ContentDesigner/ekformsiframe.aspx in Ektron CMS400.NET 7.6.1.53 and 7.6.6.47, and possibly 7.52 through 7.66sp2, allow remote attackers to inject arbitrary web script or HTML via the (1) css, (2) eca, (3) id, and (4) skin parameters.

4.3
2009-12-30 CVE-2009-4469 Giombetti Cross-Site Scripting vulnerability in Giombetti PHPpowercards 2.0

Multiple cross-site scripting (XSS) vulnerabilities in pagenumber.inc.php in phpPowerCards 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, the (2) archiv parameter, and the (3) subcat parameter.

4.3
2009-12-30 CVE-2009-4468 Deluxebb Cross-Site Scripting vulnerability in Deluxebb 1.3

Cross-site scripting (XSS) vulnerability in misc.php in DeluxeBB 1.3 allows remote attackers to inject arbitrary web script or HTML via the page parameter.

4.3
2009-12-30 CVE-2009-4464 Activewebsoftwares Cross-Site Scripting vulnerability in Activewebsoftwares Active Business Directory 2.0

Cross-site scripting (XSS) vulnerability in searchadvance.asp in Active Business Directory 2 allows remote attackers to inject arbitrary web script or HTML via the search parameter.

4.3
2009-12-30 CVE-2009-4461 Flatpress Cross-Site Scripting vulnerability in Flatpress 0.909

Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.909 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) contact.php, (2) login.php, and (3) search.php.

4.3
2009-12-30 CVE-2009-4460 Ljscripts Cross-Site Scripting vulnerability in Ljscripts Auto-Surf Traffic Exchange Script 1.1

Multiple cross-site scripting (XSS) vulnerabilities in Auto-Surf Traffic Exchange Script 1.1 allow remote attackers to inject arbitrary web script or HTML via the rid parameter to (1) index.php, (2) faq.php, and (3) register.php.

4.3
2009-12-30 CVE-2009-4459 Redmine Cross-Site Scripting vulnerability in Redmine

Redmine 0.8.7 and earlier uses the title tag before defining the character encoding in a meta tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks and inject arbitrary script via UTF-7 encoded values in the title parameter to a new issue page, which may be interpreted as script by Internet Explorer 7 and 8.

4.3
2009-12-30 CVE-2009-4458 Freepbx Cross-Site Scripting vulnerability in Freepbx 2.5.2/2.6.0

Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.2 and 2.6.0rc2, and possibly other versions, allow remote attackers to inject arbitrary web script or HTML via the (1) tech parameter to admin/admin/config.php during a trunks display action, the (2) description parameter during an Add Zap Channel action, and (3) unspecified vectors during an Add Recordings action.

4.3
2009-12-29 CVE-2009-4450 Livezilla Cross-Site Scripting vulnerability in Livezilla 3.1.8.3

Multiple cross-site scripting (XSS) vulnerabilities in map.php in LiveZilla 3.1.8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) lat, (2) lng, and (3) zom parameters, which are not properly handled when processed with templates/map.tpl.

4.3
2009-12-29 CVE-2009-4446 Ikemcg Cross-Site Scripting vulnerability in Ikemcg PHPinstantgallery 1.1

Cross-site scripting (XSS) vulnerability in admin.php in phpInstantGallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

4.3
2009-12-28 CVE-2009-4443 SUN Denial-Of-Service vulnerability in Java System Directory Server

Unspecified vulnerability in the psearch (aka persistent search) functionality in Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 allows remote attackers to cause a denial of service (psearch outage) by using a crafted psearch client to send requests that trigger a psearch thread loop, aka Bug Id 6855978.

4.3
2009-12-28 CVE-2009-1798 APC Cross-Site Scripting vulnerability in APC Network Management Card and Switched Rack PDU

Multiple cross-site scripting (XSS) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2009-12-28 CVE-2009-4433 Idevspot Cross-Site Scripting vulnerability in Idevspot Isupport

Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot iSupport 1.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (a) 5 or (b) 9 field in a post action to ticket_function.php, reachable through ticket_submit.php and index.php; (c) the which parameter to function.php, or (d) the which parameter to index.php, related to knowledgebase_list.php.

4.3
2009-12-28 CVE-2009-4425 Idevspot Cross-Site Scripting vulnerability in Idevspot Idevcart 1.09

Cross-site scripting (XSS) vulnerability in index.php in iDevCart 1.09 allows remote attackers to inject arbitrary web script or HTML via the SEARCH parameter in a browse action.

4.3
2009-12-30 CVE-2009-4467 Deluxebb Improper Input Validation vulnerability in Deluxebb 1.3

misc.php in DeluxeBB 1.3 allows remote attackers to register accounts without a valid email address via a valemail action with the valmem set to a pre-assigned user ID, which is visible from a memberlist action.

4.0
2009-12-28 CVE-2009-4439 IBM Denial-Of-Service vulnerability in IBM DB2 9.5

Unspecified vulnerability in the Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (instance crash) by compiling a SQL query.

4.0

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-12-31 CVE-2009-4532 Nathan Haug / Drupal Cross-Site Scripting vulnerability in Nathan Haug Webform

Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, allows remote authenticated users, with webform creation privileges, to inject arbitrary web script or HTML via a field label.

3.5
2009-12-31 CVE-2009-4514 Astha Bhatnagar / Drupal Cross-Site Scripting vulnerability in Astha Bhatnagar Shindigintegrator 5/6.X1.Xdev/6.X2.0Alpha1

Cross-site scripting (XSS) vulnerability in the OpenSocial Shindig-Integrator module 5.x and 6.x before 6.x-2.1, a module for Drupal, allows remote authenticated users, with "create application" privileges, to inject arbitrary web script or HTML via unspecified vectors.

3.5
2009-12-31 CVE-2009-4513 John Vandyk / Drupal Cross-Site Scripting vulnerability in John Vandyk Workflow

Multiple cross-site scripting (XSS) vulnerabilities in the Workflow module 5.x before 5.x-2.4 and 6.x before 6.x-1.2, a module for Drupal, allow remote authenticated users, with "administer workflow" privileges, to inject arbitrary web script or HTML via the name of a (1) workflow or (2) workflow state.

3.5
2009-12-28 CVE-2009-4429 Alexander Hass / Drupal Cross-Site Scripting vulnerability in Alexander Hass Sections Module

Cross-site scripting (XSS) vulnerability in the Sections module 5.x before 5.x-1.3 and 6.x before 6.x-1.3 for Drupal allows remote authenticated users with "administer sections" privileges to inject arbitrary web script or HTML via a section name (aka the Name field).

3.5
2009-12-29 CVE-2009-4454 Saini Link Following vulnerability in Saini Videocache 1.9.2

vccleaner in VideoCache 1.9.2 allows local users with Squid proxy user privileges to overwrite arbitrary files via a symlink attack on /var/log/videocache/vccleaner.log.

3.3