Weekly Vulnerabilities Reports > January 11 to 17, 2010

Overview

114 new vulnerabilities were reported during this period, including 18 critical vulnerabilities and 31 high severity vulnerabilities. This weekly summary reports vulnerabilities in 109 products from 63 vendors, including Typo3, Oracle, Microsoft, Apple, and Adobe. Notable vulnerability categories are "SQL Injection", "Cross-site Scripting", "Improper Input Validation", "Numeric Errors", and "Permissions, Privileges, and Access Controls".

  • 106 reported vulnerabilities are remotely exploitable.
  • 12 reported vulnerabilities have a public exploit available.
  • 43 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 103 reported vulnerabilities are exploitable by an anonymous user.
  • Typo3 has the most reported vulnerabilities, with 27 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 8 reported vulnerabilities.

Vulnerability Details

The following table lists the vulnerabilities reported during the period covered by this report:

18 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-01-13 CVE-2009-4212 MIT Numeric Errors vulnerability in MIT Kerberos and Kerberos 5

Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.

10.0
2010-01-13 CVE-2009-3959 Adobe
Apple
Microsoft
Unix
Numeric Errors vulnerability in Adobe Acrobat and Acrobat Reader

Integer overflow in the U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a malformed PDF document.

10.0
2010-01-13 CVE-2009-3958 Adobe
Apple
Microsoft
Unix
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Multiple stack-based buffer overflows in the NOS Microsystems getPlus Helper ActiveX control before 1.6.2.49 in gp.ocx in the Download Manager in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow remote attackers to execute arbitrary code via unspecified initialization parameters.

10.0
2010-01-13 CVE-2009-3956 Adobe
Apple
Microsoft
Unix
Configuration vulnerability in Adobe Acrobat and Acrobat Reader

The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a "script injection vulnerability," as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers.

10.0
2010-01-13 CVE-2009-3955 Adobe
Apple
Microsoft
Resource Management Errors vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer sign extension that bypasses a sanity check, leading to memory corruption.

10.0
2010-01-13 CVE-2009-3954 Adobe
Apple
Microsoft
Unix
Code Injection vulnerability in Adobe Acrobat and Acrobat Reader

The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a "DLL-loading vulnerability." Per http://www.adobe.com/support/security/bulletins/apsb10-02.html, the affected software versions are Adobe Reader 9.2 and earlier versions for Windows, Macintosh, and UNIX, and Adobe Acrobat 9.2 and earlier versions for Windows and Macintosh; the bulletin describes the issue as "a DLL-loading vulnerability in 3D that could allow arbitrary code execution (CVE-2009-3954)."

10.0
2010-01-13 CVE-2009-3953 Adobe
Apple
Microsoft
Unix
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994.

10.0
2010-01-13 CVE-2009-3637 Icculus Buffer Errors vulnerability in Icculus Alien Arena 7.30

Stack-based buffer overflow in the M_AddToServerList function in client/menu.c in Red Planet Arena Alien Arena 7.30 allows remote attackers to execute arbitrary code via a packet with a crafted server description to UDP port 27901 followed by a packet with a long print command.

10.0
2010-01-13 CVE-2010-0079 Oracle
SUN
Unspecified vulnerability in Oracle BEA Product Suite R27.6.5

Multiple vulnerabilities in the JRockit component in BEA Product Suite R27.6.5 using JRE/JDK 1.4.2, 5, and 6 allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

10.0
2010-01-13 CVE-2010-0072 Oracle Oracle Secure Backup Remote Code Execution vulnerability in Oracle Secure Backup 10.2.0.3

Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

10.0
2010-01-13 CVE-2010-0071 Oracle Remote Listener Memory Corruption vulnerability in Oracle Database

Unspecified vulnerability in the Listener component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

10.0
2010-01-12 CVE-2009-4538 Linux
Debian
Remote Security Bypass vulnerability in Linux Kernel

drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets, a related issue to CVE-2009-4537.

10.0
2010-01-15 CVE-2010-0316 Google Numeric Errors vulnerability in Google Sketchup

Integer overflow in Google SketchUp before 7.1 M2 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via a crafted SKP file.

9.3
2010-01-15 CVE-2010-0280 Jan Eric Kyprianidis
Google
Numeric Errors vulnerability in multiple products

Array index error in Jan Eric Kyprianidis lib3ds 1.x, as used in Google SketchUp 7.x before 7.1 M2, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted structures in a 3DS file, probably related to mesh.c.

9.3
2010-01-15 CVE-2010-0249 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer 6/7/8

Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object, related to incorrectly initialized memory and improper handling of objects in memory, as exploited in the wild in December 2009 and January 2010 during Operation Aurora, aka "HTML Object Memory Corruption Vulnerability." Per: http://cwe.mitre.org/data/definitions/416.html CWE-416: Use After Free

9.3
2010-01-13 CVE-2010-0018 Microsoft Numeric Errors vulnerability in Microsoft products

Integer overflow in the Embedded OpenType (EOT) Font Engine (t2embed.dll) in Microsoft Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code via compressed data that represents a crafted EOT font, aka "Microtype Express Compressed Fonts Integer Flaw in the LZCOMP Decompressor Vulnerability." Per: http://www.microsoft.com/technet/security/Bulletin/MS10-001.mspx This security update is rated Critical for Microsoft Windows 2000, and is rated Low for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

9.3
2010-01-14 CVE-2009-4182 HP Remote Information Disclosure vulnerability in HP Web Jetadmin 10.2

Multiple unspecified vulnerabilities in HP Web Jetadmin 10.2, when a remote SQL server is used, allow remote attackers to obtain access to data or cause a denial of service, possibly by leveraging authentication and encryption weaknesses on the SQL server.

9.0
2010-01-13 CVE-2009-3415 Oracle OLAP Remote Unspecified vulnerability in Oracle Database

Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

9.0

31 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-01-15 CVE-2010-0323 Arco VAN Geest
Typo3
Information Disclosure vulnerability in Goof Fotoboek

Unspecified vulnerability in the Photo Book (goof_fotoboek) extension 1.7.14 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors.

7.8
2010-01-15 CVE-2010-0317 Novell Resource Management Errors vulnerability in Novell Netware 6.5

Novell Netware 6.5 SP8 allows remote attackers to cause a denial of service (NULL pointer dereference, memory consumption, ABEND, and crash) via a large number of malformed or AFP requests that are not properly handled by (1) the CIFS functionality in CIFS.nlm Semantic Agent (Build 163 MP) 3.27 or (2) the AFP functionality in AFPTCP.nlm Build 163 SP 3.27.

7.8
2010-01-12 CVE-2009-4537 Linux
Debian
Improper Input Validation vulnerability in Linux Kernel

drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register.

7.8
2010-01-12 CVE-2009-4536 Linux
Debian
Numeric Errors vulnerability in Linux Kernel

drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload.

7.8
2010-01-15 CVE-2010-0350 Arco VAN Geest
Typo3
Path Traversal vulnerability in Arco VAN Geest Goof Fotoboek

Directory traversal vulnerability in the Photo Book (goof_fotoboek) extension 1.7.14 and earlier for TYPO3 has unknown impact and remote attack vectors.

7.5
2010-01-15 CVE-2010-0344 Typo3 SQL Injection vulnerability in Typo3 ZAK Store Management

SQL injection vulnerability in the zak_store_management extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-01-15 CVE-2010-0343 Typo3 SQL Injection vulnerability in Typo3 PB Clanlist 0.0.1

SQL injection vulnerability in the Clan Users List (pb_clanlist) extension 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-01-15 CVE-2010-0342 Typo3 SQL Injection vulnerability in Typo3 JOB Reports

SQL injection vulnerability in the Reports for Job (job_reports) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-01-15 CVE-2010-0341 Typo3 SQL Injection vulnerability in Typo3 BB Simplejobs

SQL injection vulnerability in the BB Simple Jobs (bb_simplejobs) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-01-15 CVE-2010-0340 Typo3 SQL Injection vulnerability in Typo3 Mjseventpro

SQL injection vulnerability in the MJS Event Pro (mjseventpro) extension 0.2.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-01-15 CVE-2010-0339 Typo3 SQL Injection vulnerability in Typo3 Vm19 Userlinks

SQL injection vulnerability in the User Links (vm19_userlinks) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-01-15 CVE-2010-0338 Typo3 SQL Injection vulnerability in Typo3 Ttpedit 0.0.2

SQL injection vulnerability in the TT_Products editor (ttpedit) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-01-15 CVE-2010-0337 Typo3 SQL Injection vulnerability in Typo3 DL3 TT News Alerts

SQL injection vulnerability in the tt_news Mail alert (dl3_tt_news_alerts) extension 0.2.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-01-15 CVE-2010-0334 Francisco Cifuentes
Typo3
SQL Injection vulnerability in Francisco Cifuentes Vote for TT News 1.0.1

SQL injection vulnerability in the Vote rank for news (vote_for_tt_news) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-01-15 CVE-2010-0333 Matthias Graubner
Typo3
SQL Injection vulnerability in Matthias Graubner MG Help

SQL injection vulnerability in the Helpdesk (mg_help) extension 1.1.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-01-15 CVE-2010-0332 Stefan Tannhaeuser
Typo3
SQL Injection vulnerability in Stefan Tannhaeuser Tv21 Talkshow 1.0.1

SQL injection vulnerability in the TV21 Talkshow (tv21_talkshow) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-01-15 CVE-2010-0330 Julian Fries
Typo3
SQL Injection vulnerability in Julian Fries JF Easymaps

SQL injection vulnerability in the Googlemaps for tt_news (jf_easymaps) extension 1.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-01-15 CVE-2010-0329 Alex Kellner
Typo3
SQL Injection vulnerability in Alex Kellner Powermail

SQL injection vulnerability in the powermail extension 1.5.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the "SQL selection field" and "typoscript."

7.5
2010-01-15 CVE-2010-0324 Patrick Bauerochse
Typo3
SQL Injection vulnerability in Patrick Bauerochse REF List

SQL injection vulnerability in the Customer Reference List (ref_list) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-01-15 CVE-2010-0322 Matthias Karr
Typo3
SQL Injection vulnerability in Matthias Karr MK Anydropdownmenu

SQL injection vulnerability in the init function in MK-AnydropdownMenu (mk_anydropdownmenu) extension 0.3.28 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-01-14 CVE-2009-4613 Netartmedia SQL Injection vulnerability in Netartmedia Real Estate Portal 2.0

SQL injection vulnerability in realestate20/loginaction.php in NetArt Media Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the Password parameter.

7.5
2010-01-14 CVE-2010-0015 GNU Credentials Management vulnerability in GNU Glibc 2.10.2/2.7

nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function.

7.5
2010-01-13 CVE-2009-4611 Mortbay Improper Input Validation vulnerability in Mortbay Jetty

Mort Bay Jetty 6.x through 6.1.22 and 7.0.0 writes backtrace data without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator, related to (1) a string value in the Age parameter to the default URI for the Cookie Dump Servlet in test-jetty-webapp/src/main/java/com/acme/CookieDump.java under cookie/, (2) an alphabetic value in the A parameter to jsp/expr.jsp, or (3) an alphabetic value in the Content-Length HTTP header to an arbitrary application.

7.5
2010-01-12 CVE-2009-4604 Fernando Soares
Joomla
Code Injection vulnerability in Fernando Soares COM Mamboleto 2.0

PHP remote file inclusion vulnerability in mamboleto.php in the Fernando Soares Mamboleto (com_mamboleto) component 2.0 RC3 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

7.5
2010-01-12 CVE-2009-4600 Netartmedia SQL Injection vulnerability in Netartmedia Media Real Estate Portal 2.0

SQL injection vulnerability in realestate20/loginaction.php in NetArt Media Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the Email parameter (aka the username field).

7.5
2010-01-12 CVE-2009-4599 Joomshark
Joomla
SQL Injection vulnerability in Joomshark COM Jsjobs 1.0.5.6

Multiple SQL injection vulnerabilities in the JS Jobs (com_jsjobs) component 1.0.5.6 for Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the md parameter in an employer view_company action to index.php or (2) the oi parameter in an employer view_job action to index.php.

7.5
2010-01-12 CVE-2009-4598 Corephp
Joomla
SQL Injection vulnerability in Corephp COM Jphoto 1.0

SQL injection vulnerability in the JPhoto (com_jphoto) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a category action to index.php.

7.5
2010-01-12 CVE-2009-4597 Phpwares SQL Injection vulnerability in PHPwares PHP Inventory 1.2

Multiple SQL injection vulnerabilities in index.php in PHP Inventory 1.2 allow (1) remote authenticated users to execute arbitrary SQL commands via the user_id parameter in a users details action, and allow remote attackers to execute arbitrary SQL commands via the (2) user (username) and (3) pass (password) parameters.

7.5
2010-01-14 CVE-2010-0184 Tibco Permissions, Privileges, and Access Controls vulnerability in Tibco Runtime Agent

The (1) domainutility and (2) domainutilitycmd components in TIBCO Domain Utility in TIBCO Runtime Agent (TRA) before 5.6.2, as used in TIBCO ActiveMatrix BusinessWorks and other products, set weak permissions on domain properties files, which allows local users to obtain domain administrator credentials, and gain privileges on all domain systems, via unspecified vectors.

7.2
2010-01-13 CVE-2009-4607 Overlandstorage Permissions, Privileges, and Access Controls vulnerability in Overlandstorage Guardianos and Snap Server 410

The command line interface in Overland Storage Snap Server 410 with GuardianOS 5.1.041 runs the "less" utility with a higher-privileged uid than the CLI user and without sufficient restriction on shell escapes, which allows local users to gain privileges using the "!" character within less to access a privileged shell.

7.2
2010-01-13 CVE-2009-4606 South River Technologies Permissions, Privileges, and Access Controls vulnerability in South River Technologies Webdrive 9.02

South River Technologies WebDrive 9.02 build 2232 installs the WebDrive Service without a security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath variable, or (3) restart the service via the start command.

7.2

60 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-01-15 CVE-2010-0318 Freebsd Permissions, Privileges, and Access Controls vulnerability in Freebsd 7.1/7.2/8.0

The replay functionality for ZFS Intent Log (ZIL) in FreeBSD 7.1, 7.2, and 8.0, when creating files during replay of a setattr transaction, uses 7777 permissions instead of the original permissions, which might allow local users to read or modify unauthorized files in opportunistic circumstances after a system crash or power failure.

6.9
2010-01-14 CVE-2010-0311 SUN
IBM
Privilege Escalation vulnerability in SUN Java System Identity Server 8.1.0.5/8.1.0.6

Unspecified vulnerability in Sun Java System Identity Manager (aka IdM) 8.1.0.5 and 8.1.0.6, when Sun Java System Access Manager, OpenSSO Enterprise 8.0, or IBM Tivoli Access Manager is used, allows remote attackers to obtain administrative access via unknown vectors.

6.8
2010-01-14 CVE-2010-0310 SUN Permissions, Privileges, and Access Controls vulnerability in SUN Solaris 10.0

Trusted Extensions in Sun Solaris 10 allows local users to gain privileges via vectors related to omission of unspecified libraries from software updates.

6.8
2010-01-13 CVE-2009-4487 Nginx Unspecified vulnerability in Nginx

nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.

6.8
2010-01-13 CVE-2010-0279 BTS GI NET Unspecified vulnerability in Bts-Gi.Net Read Excel 1.1

Unrestricted file upload vulnerability in upload.php in BTS-GI Read excel 1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.

6.8
2010-01-13 CVE-2010-0077 Oracle CRM Technical Foundation (mobile) Remote vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.2

Unspecified vulnerability in the CRM Technical Foundation (mobile) component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote attackers to affect confidentiality and integrity via unknown vectors.

6.4
2010-01-13 CVE-2010-0076 Oracle Remote Application vulnerability in Oracle Database 3.2.1.00.10

Unspecified vulnerability in the Application Express Application Builder component in Oracle Database 3.2.1.00.10 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

6.0
2010-01-12 CVE-2009-4595 Phpwares SQL Injection vulnerability in PHPwares PHP Inventory 1.2

SQL injection vulnerability in index.php in PHP Inventory 1.2 allows remote authenticated users to execute arbitrary SQL commands via the sup_id parameter in a suppliers details action.

6.0
2010-01-15 CVE-2010-0348 C 3 CO JP Path Traversal vulnerability in C-3.Co.Jp Webcalenderc3 0.31/0.32

Directory traversal vulnerability in C3 Corp.

5.0
2010-01-15 CVE-2010-0336 Typo3 Information Disclosure vulnerability in kiddog_mysqldumper

Unspecified vulnerability in the kiddog_mysqldumper (kiddog_mysqldumper) extension 0.0.3 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors.

5.0
2010-01-15 CVE-2010-0325 Typo3
Sebastian Baumann
Information Disclosure vulnerability in Sebastian Baumann SB Folderdownload 0.1.1/0.2.0/0.2.1

Unspecified vulnerability in the SB Folderdownload (sb_folderdownload) extension 0.2.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors.

5.0
2010-01-14 CVE-2010-0315 Google Multiple Security vulnerability in Google Chrome prior to 4.0.249.89

WebKit before r53607, as used in Google Chrome before 4.0.249.89, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value, related to an IFRAME element.

5.0
2010-01-14 CVE-2010-0314 Apple Unspecified vulnerability in Apple Safari

Apple Safari allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value.

5.0
2010-01-14 CVE-2010-0313 SUN Denial of Service vulnerability in SUN Java System Directory Server 7.0

The core_get_proxyauth_dn function in ns-slapd in Sun Java System Directory Server Enterprise Edition 7.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted LDAP Search Request message.

5.0
2010-01-14 CVE-2010-0312 IBM
Linux
Improper Input Validation vulnerability in IBM Tivoli Directory Server 6.2

The do_extendedOp function in ibmslapd in IBM Tivoli Directory Server (TDS) 6.2 on Linux allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted SecureWay 3.2 Event Registration Request (aka a 1.3.18.0.2.12.1 request).

5.0
2010-01-14 CVE-2009-4355 Openssl
Redhat
Resource Management Errors vulnerability in multiple products

Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.

5.0
2010-01-13 CVE-2009-4609 Mortbay Information Exposure vulnerability in Mortbay Jetty

The Dump Servlet in Mort Bay Jetty 6.x and 7.0.0 allows remote attackers to obtain sensitive information about internal variables and other data via a request to a URI ending in /dump/, as demonstrated by discovering the value of the getPathTranslated variable.

5.0
2010-01-13 CVE-2009-4496 BOA Improper Input Validation vulnerability in BOA 0.94.14Rc21

Boa 0.94.14rc21 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.

5.0
2010-01-13 CVE-2009-4495 Yaws Improper Input Validation vulnerability in Yaws 1.85

Yaws 1.85 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.

5.0
2010-01-13 CVE-2009-4494 AOL Improper Input Validation vulnerability in AOL Aolserver 4.5.1

AOLserver 4.5.1 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.

5.0
2010-01-13 CVE-2009-4493 Orion Improper Input Validation vulnerability in Orion Application Server 2.0.7

Orion Application Server 2.0.7 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.

5.0
2010-01-13 CVE-2009-4492 Webrick
Ruby Lang
Improper Input Validation vulnerability in multiple products

WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.

5.0
2010-01-13 CVE-2009-4491 Acme Improper Input Validation vulnerability in Acme Thttpd 2.25

thttpd 2.25b0 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.

5.0
2010-01-13 CVE-2009-4490 Acme Improper Input Validation vulnerability in Acme Mini Httpd 1.19

mini_httpd 1.19 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.

5.0
2010-01-13 CVE-2009-4489 Cherokee Project Improper Input Validation vulnerability in Cherokee-Project Cherokee

header.c in Cherokee before 0.99.32 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.

5.0
2010-01-13 CVE-2009-4488 Varnish Projects Linpro Improper Input Validation vulnerability in Varnish.Projects.Linpro Varnish 2.0.6

** DISPUTED ** Varnish 2.0.6 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.

5.0
2010-01-13 CVE-2009-3957 Adobe
Apple
Microsoft
Unix
Denial of Service vulnerability in Adobe Reader and Acrobat Null Pointer Dereference

Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to cause a denial of service (NULL pointer dereference) via unspecified vectors.

5.0
2010-01-13 CVE-2010-0078 Oracle Remote WebLogic Server vulnerability in Oracle WebLogic Server

Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 9.0, 9.1, 9.2MP3, 10.0MP2, and 10.3.1 allows remote attackers to affect availability via unknown vectors.

5.0
2010-01-13 CVE-2010-0075 Oracle Remote Oracle HRMS (Self Service) vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.1

Unspecified vulnerability in the Oracle HRMS (Self Service) component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors.

5.0
2010-01-13 CVE-2010-0074 Oracle Remote vulnerability in Oracle WebLogic Server

Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 7.0SP7, 8.1SP6, 9.0, 9.1, 9.2MP3, 10.0MP2, and 10.3.1 allows remote attackers to affect availability via unknown vectors.

5.0
2010-01-13 CVE-2010-0068 Oracle Remote WebLogic Server vulnerability in Oracle WebLogic Server

Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 9.0, 9.1, 9.2MP2, and 10.0 allows remote attackers to affect confidentiality via unknown vectors.

5.0
2010-01-13 CVE-2010-0067 Oracle Remote Oracle Containers for J2EE vulnerability in Oracle Application Server 10.1.2.3/10.1.3.4

Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 10.1.2.3 and 10.1.3.4 allows remote attackers to affect confidentiality via unknown vectors.

5.0
2010-01-13 CVE-2010-0066 Oracle Access Manager Identity Server Remote vulnerability in Oracle Application Server 10.1.4.2/7.0.4.3

Unspecified vulnerability in the Access Manager Identity Server component in Oracle Application Server 7.0.4.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors.

5.0
2010-01-12 CVE-2009-4603 SAP Denial Of Service vulnerability in SAP Kernel 'sapstartsrv'

Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, 7.00, 7.01, 7.10, 7.11, and 7.20, as used in SAP NetWeaver 7.x and SAP Web Application Server 6.x and 7.x, allows remote attackers to cause a denial of service (Management Console shutdown) via a crafted request.

5.0
2010-01-13 CVE-2010-0080 Oracle Remote eProfile vulnerability in Oracle PeopleSoft Enterprise HCM

Unspecified vulnerability in the PeopleSoft Enterprise HCM - eProfile component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9 Bundle #21 and 9.0 Bundle #11 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

4.9
2010-01-13 CVE-2009-3414 Oracle Oracle Spatial Remote Unspecified vulnerability in Oracle Database

Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2008-3976 and CVE-2009-3413.

4.9
2010-01-13 CVE-2009-3411 Oracle Remote Oracle Data Pump vulnerability in Oracle Database

Unspecified vulnerability in the Oracle Data Pump component in Oracle Database 11.1.0.7, 10.2.0.3, 10.2.0.4, 10.1.0.5, 9.2.0.8, and 9.2.0.8DV allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

4.9
2010-01-15 CVE-2010-0349 C 3 CO JP Cross-Site Scripting vulnerability in C-3.Co.Jp Webcalenderc3 0.31/0.32

Cross-site scripting (XSS) vulnerability in C3 Corp.

4.3
2010-01-15 CVE-2010-0347 Typo3 Cross-Site Scripting vulnerability in Typo3 VD Geomap

Cross-site scripting (XSS) vulnerability in the VD / Geomap (vd_geomap) extension 0.3.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-01-15 CVE-2010-0346 Typo3 Cross-Site Scripting vulnerability in Typo3 Mimi Tipfriends

Cross-site scripting (XSS) vulnerability in the Tip many friends (mimi_tipfriends) extension 0.0.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-01-15 CVE-2010-0345 Typo3 Cross-Site Scripting vulnerability in Typo3 Majordomo

Cross-site scripting (XSS) vulnerability in the Majordomo extension 1.1.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-01-15 CVE-2010-0335 Francisco Cifuentes, Typo3 Cross-Site Scripting vulnerability in Francisco Cifuentes Vote for TT News 1.0.1

Cross-site scripting (XSS) vulnerability in the Vote rank for news (vote_for_tt_news) extension 1.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-01-15 CVE-2010-0331 Stefan Tannhaeuser, Typo3 Cross-Site Scripting vulnerability in Stefan Tannhaeuser Tv21 Talkshow 1.0.1

Cross-site scripting (XSS) vulnerability in the TV21 Talkshow (tv21_talkshow) extension 1.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-01-15 CVE-2010-0328 Rastislav Birka, Typo3 Cross-Site Scripting vulnerability in Rastislav Birka CS2 Unitconv 1.0.4

Cross-site scripting (XSS) vulnerability in the Unit Converter (cs2_unitconv) extension 1.0.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-01-15 CVE-2010-0327 Julian Kleinhans, Typo3 Cross-Site Scripting vulnerability in Julian Kleinhans KJ Imagelightbox2 1.4.0/1.4.1/1.4.2

Cross-site scripting (XSS) vulnerability in the KJ: Imagelightbox (kj_imagelightbox2) extension 2.0.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-2490.

4.3
2010-01-15 CVE-2010-0326 Francois Suter, Rene Fritz, Typo3 Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in the Developer log (devlog) extension 2.9.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-01-15 CVE-2010-0321 Jamit Cross-Site Scripting vulnerability in Jamit JOB Board 3.0

Cross-site scripting (XSS) vulnerability in jobs/index.php in Jamit Job Board 3.0 allows remote attackers to inject arbitrary web script or HTML via the post_id parameter.

4.3
2010-01-15 CVE-2010-0320 X10Media Cross-Site Scripting vulnerability in X10Media Glitter Central Script

Cross-site scripting (XSS) vulnerability in submitlink.php in Glitter Central Script allows remote attackers to inject arbitrary web script or HTML via the catid parameter.

4.3
2010-01-15 CVE-2010-0319 Docmint Cross-Site Scripting vulnerability in Docmint 1.0/2.1

Cross-site scripting (XSS) vulnerability in index.php in Docmint 1.0 and 2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

4.3
2010-01-13 CVE-2009-4612 Mortbay Cross-Site Scripting vulnerability in Mortbay Jetty

Multiple cross-site scripting (XSS) vulnerabilities in the WebApp JSP Snoop page in Mort Bay Jetty 6.1.x through 6.1.21 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) jspsnoop/, (2) jspsnoop/ERROR/, and (3) jspsnoop/IOException/, and possibly the PATH_INFO to (4) snoop.jsp.

4.3
2010-01-13 CVE-2009-4610 Mortbay Cross-Site Scripting vulnerability in Mortbay Jetty

Multiple cross-site scripting (XSS) vulnerabilities in Mort Bay Jetty 6.x and 7.0.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to jsp/dump.jsp in the JSP Dump feature, or the (2) Name or (3) Value parameter to the default URI for the Session Dump Servlet under session/.

4.3
2010-01-13 CVE-2009-4608 Canon ITS Cross-Site Scripting vulnerability in Canon-Its Accessguardian

Cross-site scripting (XSS) vulnerability in Canon IT Solutions Inc.

4.3
2010-01-13 CVE-2010-0070 Oracle Remote Oracle Containers for J2EE vulnerability in Oracle Application Server 10.1.2.3/10.1.3.4

Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 10.1.2.3 and 10.1.3.4 allows remote attackers to affect integrity via unknown vectors.

4.3
2010-01-13 CVE-2010-0069 Oracle Remote vulnerability in Oracle Weblogic Server

Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 7.0 SP7, 8.1SP6, 9.0, 9.1, 9.2MP3, 10.0MP1, and 10.3.0 allows remote attackers to affect integrity via unknown vectors.

4.3
2010-01-13 CVE-2009-3416 Oracle Oracle Application Object Library Remote vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.1

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.1 allows remote attackers to affect integrity via unknown vectors.

4.3
2010-01-12 CVE-2010-0278 Microsoft Buffer Overflow vulnerability in Microsoft Windows Live Messenger 2009

A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build 14.0.8089.726 on Windows Vista and Windows 7 allows remote attackers to cause a denial of service (msnmsgr.exe crash) by calling the ViewProfile method with a crafted argument during an MSN Messenger session.

4.3
2010-01-12 CVE-2009-4602 Drupal Cross-Site Scripting vulnerability in Drupal Randomizer 5.X1.0/6.X1.0

Cross-site scripting (XSS) vulnerability in the Randomizer module 5.x through 5.x-1.0 and 6.x through 6.x-1.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-01-12 CVE-2009-4601 Zeeways Cross-Site Scripting vulnerability in Zeeways Zeejobsite 3.0

Cross-site scripting (XSS) vulnerability in basic_search_result.php in Zeeways ZeeJobsite 3x allows remote attackers to inject arbitrary web script or HTML via the title parameter.

4.3
2010-01-12 CVE-2009-4596 Phpwares Cross-Site Scripting vulnerability in PHPwares PHP Inventory 1.2

Cross-site scripting (XSS) vulnerability in index.php in PHP Inventory 1.2 allows remote attackers to inject arbitrary web script or HTML via the sup_id parameter in a suppliers details action.

4.3
2010-01-13 CVE-2009-1996 Oracle Remote Logical Standby vulnerability in Oracle Database

Unspecified vulnerability in the Logical Standby component in Oracle Database allows remote authenticated users to affect integrity via unknown vectors.

4.0

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-01-14 CVE-2010-0014 Fedoraproject Improper Authentication vulnerability in Fedoraproject Sssd

System Security Services Daemon (SSSD) before 1.0.1, when the krb5 auth_provider is configured but the KDC is unreachable, allows physically proximate attackers to authenticate, via an arbitrary password, to the screen-locking program on a workstation that has any user's Kerberos ticket-granting ticket (TGT); and might allow remote attackers to bypass intended access restrictions via vectors involving an arbitrary password in conjunction with a valid TGT.

3.7
2010-01-13 CVE-2009-3410 Oracle Remote RDBMS vulnerability in Oracle Database

Unspecified vulnerability in the RDBMS component in Oracle Database 11.1.0.7, 10.2.0.3, 10.2.0.4, 10.1.0.5, 9.2.0.8, and 9.2.0.8DV allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

3.6
2010-01-13 CVE-2009-3413 Oracle Oracle Spatial Remote vulnerability in Oracle Database

Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2008-3976 and CVE-2009-3414.

3.2
2010-01-14 CVE-2010-0002 GNU Improper Input Validation vulnerability in GNU Bash

The /etc/profile.d/60alias.sh script in the Mandriva bash package for Bash 2.05b, 3.0, 3.2, 3.2.48, and 4.0 enables the --show-control-chars option in LS_OPTIONS, which allows local users to send escape sequences to terminal emulators, or hide the existence of a file, via a crafted filename.

2.1
2010-01-13 CVE-2009-3412 Oracle Local Unzip vulnerability in Oracle Application Server and Database Server

Unspecified vulnerability in the Unzip component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5; and Oracle Application Server 10.1.2.3; allows local users to affect confidentiality via unknown vectors.

1.0