
Bulletin (SB09-222)

Vulnerability Summary for the Week of August 3, 2009

Original Release date: Aug 10, 2009 | Last revised: -

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
3cx -- phone_system
3CX Phone System 6.0.806.0 allows remote attackers to cause a denial of service (unstable service or crash) via unspecified vectors, as demonstrated by vulnerability scans from Nessus or SAINT. 2009-08-03 7.8 CVE-2008-6895
FULLDISC
adobe -- air
adobe -- flash_player
adobe -- flex
Unspecified vulnerability in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to a "privilege escalation vulnerability." 2009-07-31 9.3 CVE-2009-1863
VUPEN
BID
BID
CONFIRM
adobe -- air
adobe -- flash_player
adobe -- flex
Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors. 2009-07-31 9.3 CVE-2009-1864
VUPEN
BID
BID
adobe -- air
adobe -- flash_player
adobe -- flex
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, related to a "null pointer vulnerability." 2009-07-31 9.3 CVE-2009-1865
VUPEN
BID
CONFIRM
adobe -- air
adobe -- flash_player
adobe -- flex
Stack-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors. 2009-07-31 9.3 CVE-2009-1866
VUPEN
BID
CONFIRM
adobe -- air
adobe -- flash_player
adobe -- flex
Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving URL parsing. 2009-07-31 9.3 CVE-2009-1868
VUPEN
BID
BID
CONFIRM
adobe -- air
adobe -- flash_player
adobe -- flex
Integer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors. 2009-07-31 9.3 CVE-2009-1869
VUPEN
BID
CONFIRM
andres_garcia -- getleft
Multiple buffer overflows in Getleft.exe in Andres Garcia Getleft 1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) "a" HTML tag; a long src attribute in (2) embed, (3) img, or (4) script tags; (5) a long background attribute in a body tag; and other unspecified tags. 2009-08-05 9.3 CVE-2008-6897
XF
BID
MILW0RM
android -- android
Unspecified vulnerability in the com.android.phone process in Android 1.0, 1.1, and 1.5 allows remote attackers to cause a denial of service (network disconnection) via a crafted SMS message, as demonstrated by Collin Mulliner and Charlie Miller at Black Hat USA 2009. 2009-08-03 10.0 CVE-2009-2656
BID
apache -- apr-util
apache -- portable_runtime
Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information. 2009-08-06 10.0 CVE-2009-2412
BID
apple -- iphone_os
Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitrary code, obtain GPS coordinates, or enable the microphone via an SMS message that triggers memory corruption, as demonstrated by Charlie Miller at SyScan '09 Singapore. 2009-08-03 10.0 CVE-2009-2204
VUPEN
SECTRACK
apple -- mac_os_x
apple -- mac_os_x_server
The screen saver in Dock in Apple Mac OS X 10.5 before 10.5.8 does not prevent four-finger Multi-Touch gestures, which allows physically proximate attackers to bypass locking and "manage applications or use Expose" via unspecified vectors. 2009-08-06 7.2 CVE-2009-0151
VUPEN
BID
CONFIRM
APPLE
apple -- mac_os_x
apple -- mac_os_x_server
Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image containing an embedded ColorSync profile. 2009-08-06 9.3 CVE-2009-1726
BID
CONFIRM
APPLE
apple -- mac_os_x
apple -- mac_os_x_server
Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with crafted EXIF metadata. 2009-08-06 9.3 CVE-2009-2188
VUPEN
BID
CONFIRM
APPLE
apple -- mac_os_x
apple -- mac_os_x_server
launchd in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to cause a denial of service (individual service outage) by making many connections to an inetd-based launchd service. 2009-08-06 7.8 CVE-2009-2190
VUPEN
BID
CONFIRM
APPLE
apple -- mac_os_x
apple -- mac_os_x_server
Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in an application name. 2009-08-06 7.5 CVE-2009-2191
VUPEN
BID
CONFIRM
APPLE
apple -- mac_os_x
apple -- mac_os_x_server
MobileMe in Apple Mac OS X 10.5 before 10.5.8 does not properly delete credentials upon signout from the preference pane, which makes it easier for attackers to hijack a MobileMe session via unspecified vectors, related to a "logic issue." 2009-08-06 7.5 CVE-2009-2192
VUPEN
BID
CONFIRM
APPLE
apple -- mac_os_x
apple -- mac_os_x_server
Buffer overflow in the kernel in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted AppleTalk response packet. 2009-08-06 10.0 CVE-2009-2193
VUPEN
BID
CONFIRM
APPLE
exophpdesk -- exophpdesk
SQL injection vulnerability in admin.php in Exocrew ExoPHPDesk 1.2 Final allows remote attackers to execute arbitrary SQL commands via the username (user parameter). 2009-08-07 7.5 CVE-2008-6917
XF
VUPEN
BID
MILW0RM
SECUNIA
freesshd -- freesshd
Multiple buffer overflows in freeSSHd 1.2.1 allow remote authenticated users to cause a denial of service (crash) and execute arbitrary code via a long (1) open, (2) unlink, (3) mkdir, (4) rmdir, or (5) stat SFTP command. 2009-08-05 9.0 CVE-2008-6899
BID
BUGTRAQ
MISC
ibm -- tklm
Unspecified vulnerability in IBM Tivoli Key Lifecycle Manager (TKLM) 1.0 has unknown impact and attack vectors, related to a "password security vulnerability." 2009-08-05 10.0 CVE-2009-2667
VUPEN
CONFIRM
ibm -- aix
A certain debugging component in IBM AIX 5.3 and 6.1 does not properly handle the (1) _LIB_INIT_DBG and (2) _LIB_INIT_DBG_FILE environment variables, which allows local users to gain privileges by leveraging a setuid-root program to create an arbitrary root-owned file with world-writable permissions, related to libC.a (aka the XL C++ runtime library) in AIX 5.3 and libc.a in AIX 6.1. 2009-08-05 7.2 CVE-2009-2669
BID
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
john_doe -- netport_software
siemens -- speedstream_5200
Siemens SpeedStream 5200 with NetPort Software 1.1 allows remote attackers to bypass authentication via an invalid Host header, possibly involving a trailing dot in the hostname. 2009-08-07 10.0 CVE-2008-6916
XF
BID
MILW0RM
SECUNIA
OSVDB
marc_ingram -- services
Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, uses an insecure hash when signing requests, which allows remote attackers to impersonate other users and gain privileges. 2009-08-06 7.5 CVE-2008-6908
XF
BID
CONFIRM
marc_ingram -- services
Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not use timeouts for signed requests, which allows remote attackers to impersonate other users and gain privileges via a replay attack that sends the same request. 2009-08-06 7.5 CVE-2008-6910
BID
CONFIRM
microsoft -- internet_explorer
Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through 7.0.6000.16473 allows remote attackers to cause a denial of service (CPU consumption) via an XML document composed of a long series of start-tags with no corresponding end-tags, a related issue to CVE-2009-1232. 2009-08-05 7.8 CVE-2009-2668
MISC
BUGTRAQ
mozilla -- network_security_services
Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function. 2009-08-03 9.3 CVE-2009-2404
VUPEN
BID
CONFIRM
mozilla -- firefox
The browser engine in Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the TraceRecorder::snapshot function in js/src/jstracer.cpp, and unspecified other vectors. 2009-08-04 10.0 CVE-2009-2662
VUPEN
CONFIRM
mozilla -- firefox
libvorbis before r16182, as used in Mozilla Firefox before 3.0.13 and 3.5.x before 3.5.2 and other products, allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .ogg file. 2009-08-04 9.3 CVE-2009-2663
VUPEN
CONFIRM
mozilla -- firefox
The nsDocument::SetScriptGlobalObject function in content/base/src/nsDocument.cpp in Mozilla Firefox 3.5.x before 3.5.2, when certain add-ons are enabled, does not properly handle a Link HTTP header, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted web page, related to an incorrect security wrapper. 2009-08-04 10.0 CVE-2009-2665
VUPEN
CONFIRM
openexr -- openexr
Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors that trigger heap-based buffer overflows, related to (1) the Imf::PreviewImage::PreviewImage function and (2) compressor constructors. NOTE: some of these details are obtained from third party information. 2009-07-31 7.5 CVE-2009-1720
BID
DEBIAN
CONFIRM
CONFIRM
CONFIRM
peel -- peel
SQL injection vulnerability in lire/index.php in Peel 3.1 allows remote attackers to execute arbitrary SQL commands via the rubid parameter. NOTE: this might be the same issue as CVE-2005-3572. 2009-08-03 7.5 CVE-2008-6892
MILW0RM
SECUNIA
OSVDB
saschart -- sascam_webcam_server
Buffer overflow in the XHTTP Module 4.1.0.0 in the ActiveX control for SaschArt SasCam Webcam Server 2.6.5 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the Get method and other unspecified methods. 2009-08-05 9.3 CVE-2008-6898
XF
BID
MILW0RM
sophos -- anti-virus
sophos -- anti-virus7.6.3
Multiple unspecified vulnerabilities in Sophos SAVScan 4.33.0 for Linux, and possibly other products and versions, allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via crafted files that have been packed with (1) armadillo, (2) asprotect, or (3) asprotectSKE. 2009-08-05 10.0 CVE-2008-6904
MISC
MISC
BUGTRAQ
subversion -- subversion
Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412. 2009-08-07 8.5 CVE-2009-2411
VUPEN
BID
MLIST
MLIST
MLIST
CONFIRM
CONFIRM
CONFIRM
SECUNIA
sun -- jdk
sun -- jre
The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions via unspecified vectors. 2009-08-05 7.5 CVE-2009-2672
SUNALERT
CONFIRM
sun -- jdk
sun -- jre
The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword. 2009-08-05 7.5 CVE-2009-2673
SUNALERT
CONFIRM
sun -- jdk
sun -- jre
Integer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 allows context-dependent attackers to gain privileges via vectors involving an untrusted Java Web Start application that grants permissions to itself, related to parsing of JPEG images. 2009-08-05 7.5 CVE-2009-2674
SUNALERT
CONFIRM
sun -- jdk
sun -- jre
Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via vectors involving an untrusted (1) applet or (2) Java Web Start application that grants permissions to itself, related to decompression. 2009-08-05 10.0 CVE-2009-2675
SUNALERT
CONFIRM
xemacs -- xemacs
Multiple integer overflows in glyphs-eimage.c in XEmacs 21.4.22, when running on Windows, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) the tiff_instantiate function processing a crafted TIFF file, (2) the png_instantiate function processing a crafted PNG file, and (3) the jpeg_instantiate function processing a crafted JPEG file, all of which trigger a heap-based buffer overflow. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2009-08-05 10.0 CVE-2009-2688
CONFIRM
CONFIRM
XF
XF
XF
VUPEN
BID
MISC
SECUNIA
OSVDB
zeeways -- shaadiclone
Zeeways SHAADICLONE 2.0 allows remote attackers to bypass authentication and gain administrative privileges via a direct request to admin/home.php. 2009-08-07 7.5 CVE-2008-6912
XF
BID
MILW0RM
OSVDB
znc -- znc
Directory traversal vulnerability in ZNC before 0.072 allows remote attackers to overwrite arbitrary files via a crafted DCC SEND request. 2009-08-04 7.5 CVE-2009-2658
CONFIRM
zope -- zodb
Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol. 2009-08-07 7.5 CVE-2009-0669
CONFIRM
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
2532gigs -- 2532gigs
Multiple directory traversal vulnerabilities in 2532designs 2532|Gigs 1.2.2 Stable, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) settings.php, (2) deleteuser.php, (3) mini_calendar.php, (4) manage_venues.php, and (5) manage_gigs.php, a different vector than CVE-2007-4585. 2009-08-05 5.1 CVE-2008-6901
XF
BID
MILW0RM
SECUNIA
2532gigs -- 2532gigs
Unrestricted file upload vulnerability in upload_flyer.php in 2532designs 2532|Gigs 1.2.2 Stable allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in flyers/. 2009-08-05 6.8 CVE-2008-6902
XF
BID
MILW0RM
SECUNIA
2532gigs -- 2532gigs
Multiple SQL injection vulnerabilities in checkuser.php in 2532designs 2532|Gigs 1.2.2 Stable, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, as accessible from a form generated by index.php. 2009-08-06 6.8 CVE-2008-6907
XF
BID
MILW0RM
SECUNIA
3cx -- phone_system
Multiple cross-site scripting (XSS) vulnerabilities in login.php in 3CX Phone System Free Edition 6.1793 and 6.0.806.0 allow remote attackers to inject arbitrary web script or HTML via the (1) fName and (2) fPassword parameters. 2009-08-03 4.3 CVE-2008-6894
XF
3cx -- phone_system
login.php in 3CX Phone System 6.0.806.0, when 100% disk capacity is reached, allows remote attackers to gain sensitive information via unspecified vectors that reveal the installation path. 2009-08-03 5.0 CVE-2008-6896
FULLDISC
adobe -- air
adobe -- flash_player
adobe -- flex
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "clickjacking vulnerability." 2009-07-31 4.3 CVE-2009-1867
VUPEN
CONFIRM
adobe -- air
adobe -- flash_player
adobe -- flex
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to obtain sensitive information via vectors involving saving an SWF file to a hard drive, related to a "local sandbox vulnerability." 2009-07-31 4.9 CVE-2009-1870
VUPEN
BID
BID
CONFIRM
alt-n -- worldclient
Cross-site scripting (XSS) vulnerability in Alt-N MDaemon WorldClient 10.0.2, when Internet Explorer 7 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted img tag. 2009-08-03 4.3 CVE-2008-6893
XF
apple -- garageband
Apple GarageBand before 5.1 reconfigures Safari to accept all cookies regardless of domain name, which makes it easier for remote web servers to track users. 2009-08-04 4.3 CVE-2009-2198
VUPEN
BID
APPLE
apple -- mac_os_x
apple -- mac_os_x_server
CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL in a certificate warning in certain 302 redirection scenarios, which makes it easier for remote attackers to trick a user into visiting an arbitrary https web site by leveraging an open redirect vulnerability, a different issue than CVE-2009-2062. 2009-08-06 4.3 CVE-2009-1723
VUPEN
BID
CONFIRM
APPLE
apple -- mac_os_x
apple -- mac_os_x_server
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X 10.5 before 10.5.8 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari. 2009-08-06 6.8 CVE-2009-1727
VUPEN
BID
CONFIRM
APPLE
apple -- mac_os_x
apple -- mac_os_x_server
Stack-based buffer overflow in Image RAW in Apple Mac OS X 10.5 before 10.5.8, and 10.4 before Digital Camera RAW Compatibility Update 2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image. 2009-08-06 6.8 CVE-2009-1728
VUPEN
BID
CONFIRM
APPLE
apple -- mac_os_x
apple -- mac_os_x_server
Apple Mac OS X 10.5 before 10.5.8 does not properly share file descriptors over local sockets, which allows local users to cause a denial of service (system crash) by placing file descriptors in messages sent to a socket that has no receiver, related to a "synchronization issue." 2009-08-06 4.9 CVE-2009-2194
VUPEN
BID
CONFIRM
APPLE
availscript -- availscript_article_script
Unrestricted file upload vulnerability in "Add Pen/Author Name" feature in addpen.php in AvailScript Article Script allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in photos/. 2009-08-05 6.5 CVE-2008-6900
XF
MILW0RM
SECUNIA
babbleboard -- babbleboard
Cross-site request forgery (CSRF) vulnerability in index.php in BabbleBoard 1.1.6 allows remote authenticated users to hijack the authentication of administrators for requests that delete (1) categories or (2) groups; (3) ban users; or (4) delete users via the admin page. 2009-08-06 6.0 CVE-2008-6905
XF
MILW0RM
SECUNIA
OSVDB
babbleboard -- babbleboard
Cross-site scripting (XSS) vulnerability in index.php in BabbleBoard 1.1.6 allows remote attackers to inject arbitrary web script or HTML via the username. 2009-08-06 4.3 CVE-2008-6906
XF
BID
MILW0RM
brewblogger -- brewblogger
SQL injection vulnerability in the authenticateUser function in includes/authentication.inc.php in BrewBlogger (BB) 2.1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the loginUsername parameter to includes/logincheck.inc.php. NOTE: some of these details are obtained from third party information. 2009-08-06 6.8 CVE-2008-6911
XF
BID
MILW0RM
SECUNIA
OSVDB
cs-cart -- cs-cart
SQL injection vulnerability in reward_points.post.php in the Reward points addon in CS-Cart before 2.0.6 allows remote authenticated users to execute arbitrary SQL commands via the sort_order parameter in a reward_points.userlog action to index.php, a different vulnerability than CVE-2005-4429.2. 2009-08-05 6.5 CVE-2009-2579
BID
BUGTRAQ
CONFIRM
MISC
SECUNIA
django_project -- django
The Admin media handler in core/servers/basehttp.py in Django 1.0 and 0.96 does not properly map URL requests to expected "static media files," which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a crafted URL. 2009-08-04 5.0 CVE-2009-2659
CONFIRM
drupal -- services_module_for_drupal
Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not sign all required data in requests, which has unspecified impact, probably related to man-in-the-middle attacks that modify critical data and allow remote attackers to impersonate other users and gain privileges. 2009-08-06 6.5 CVE-2008-6909
OSVDB
CONFIRM
fetchmail -- fetchmail
socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. 2009-08-07 6.4 CVE-2009-2666
VUPEN
SLACKWARE
BID
SECUNIA
SECUNIA
MLIST
CONFIRM
jun_furuse -- camlimages
Multiple integer overflows in CamlImages 2.2 might allow context-dependent attackers to execute arbitrary code via images containing large width and height values that trigger a heap-based buffer overflow, related to (1) crafted GIF files (gifread.c) and (2) crafted JPEG files (jpegread.c), a different vulnerability than CVE-2009-2295. 2009-08-04 6.8 CVE-2009-2660
CONFIRM
CONFIRM
MLIST
linux -- kernel
linux -- linux_kernel
Stack-based buffer overflow in the parse_tag_11_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to not ensuring that the key signature length in a Tag 11 packet is compatible with the key signature buffer size. 2009-07-31 6.9 CVE-2009-2406
VUPEN
BID
DEBIAN
DEBIAN
linux -- kernel
linux -- linux_kernel
Heap-based buffer overflow in the parse_tag_3_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to a large encrypted key size in a Tag 3 packet. 2009-07-31 6.9 CVE-2009-2407
VUPEN
BID
DEBIAN
SECUNIA
SECUNIA
SECUNIA
microsoft -- windows_server_2003
microsoft -- windows_xp
** DISPUTED ** The NtUserConsoleControl function in win32k.sys in Microsoft Windows XP SP2 and SP3, and Server 2003 before SP1, allows local administrators to bypass unspecified "security software" and gain privileges via a crafted call that triggers an overwrite of an arbitrary memory location. NOTE: the vendor disputes the significance of this report, stating that 'the Administrator to SYSTEM "escalation" is not a security boundary we defend.' 2009-08-03 4.6 CVE-2009-2653
MISC
MILW0RM
SECTRACK
MISC
MISC
microsoft -- internet_explorer
mshtml.dll in Microsoft Internet Explorer 7 and 8 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) by calling the JavaScript findText method with a crafted Unicode string in the first argument, and only one additional argument, as demonstrated by a second argument of -1. 2009-08-03 4.3 CVE-2009-2655
XF
MILW0RM
mozilla -- firefox
Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to spoof the address bar, and possibly conduct phishing attacks, via a crafted web page that calls window.open with an invalid character in the URL, makes document.write calls to the resulting object, and then calls the stop method during the loading of the error page. 2009-08-03 5.8 CVE-2009-2654
VUPEN
VUPEN
BID
CONFIRM
CONFIRM
mozilla -- firefox
Mozilla Firefox before 3.0.12, and 3.5.x before 3.5.2, allows remote SOCKS5 proxy servers to cause a denial of service (data stream corruption) via a long domain name in a reply. 2009-08-04 5.0 CVE-2009-2470
VUPEN
BID
CONFIRM
mozilla -- firefox
The js_watch_set function in js/src/jsdbgapi.cpp in the JavaScript engine in Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to cause a denial of service (assertion failure and application exit) or possibly execute arbitrary code via a crafted .js file, related to a "memory safety bug." 2009-08-04 5.0 CVE-2009-2664
VUPEN
CONFIRM
nilf -- nilfs
nilfs-utils before 2.0.14 installs multiple programs with unnecessary setuid privileges, which allows local users to execute arbitrary commands via the device string in a -c command line option to mkfs.nilfs2. 2009-08-04 4.6 CVE-2009-2657
CONFIRM
MLIST
CONFIRM
CONFIRM
CONFIRM
openexr -- openexr
The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer. 2009-07-31 6.8 CVE-2009-1721
BID
CONFIRM
CONFIRM
CONFIRM
openexr -- openexr
Heap-based buffer overflow in the compression implementation in OpenEXR 1.2.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors. 2009-07-31 6.8 CVE-2009-1722
BID
DEBIAN
CONFIRM
php -- php
The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353. 2009-08-05 5.0 CVE-2009-2687
XF
VUPEN
BID
CONFIRM
sophos -- anti-virus
sophos -- anti-virus7.6.3
Sophos Anti-Virus for Windows before 7.6.3, Anti-Virus for Windows NT/9x before 4.7.18, Anti-Virus for OS X before 4.9.18, Anti-Virus for Linux before 6.4.5, Anti-Virus for UNIX before 7.0.5, Anti-Virus for Unix and Netware before 4.37.0, Sophos EM Library, and Sophos small business solutions, when CAB archive scanning is enabled, allows remote attackers to cause a denial of service (segmentation fault) via a "fuzzed" CAB archive file, as demonstrated by the OUSPG PROTOS GENOME test suite for Archive Formats. 2009-08-05 4.3 CVE-2008-6903
CONFIRM
SECTRACK
MISC
strongswan -- strongswan
The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before 4.2.17, and 4.3 before 4.3.3 does not properly handle X.509 certificates with crafted Relative Distinguished Names (RDNs), which allows remote attackers to cause a denial of service (pluto IKE daemon crash) via malformed ASN.1 data. NOTE: this is due to an incomplete fix for CVE-2009-2185. 2009-08-04 5.0 CVE-2009-2661
MLIST
CONFIRM
sun -- opensolaris
sun -- solaris
Unspecified vulnerability in Solaris Trusted Extensions in Sun Solaris 10, and OpenSolaris snv_37 through snv_120, allows remote attackers to cause a denial of service (panic) via vectors involving the parsing of labeled packets. 2009-08-03 6.8 CVE-2009-2652
VUPEN
BID
SUNALERT
sun -- jdk
sun -- jre
The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties. 2009-08-05 5.0 CVE-2009-2670
SUNALERT
CONFIRM
sun -- jdk
sun -- jre
The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors. 2009-08-05 5.0 CVE-2009-2671
SUNALERT
CONFIRM
sun -- java_se
sun -- jdk
sun -- jre
sun -- sdk
Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE 1.4.2_21 and earlier; allows remote attackers to create or modify arbitrary files via vectors involving an untrusted Java applet. 2009-08-05 6.8 CVE-2009-2676
SUNALERT
CONFIRM
sun -- jdk
sun -- jre
Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework. 2009-08-06 5.0 CVE-2009-2625
SUNALERT
CONFIRM
sun -- virtualbox
Unspecified vulnerability in Sun VirtualBox 3.0.0 and 3.0.2 allows guest OS users to cause a denial of service (host OS reboot) via unknown vectors. 2009-08-07 4.9 CVE-2009-2714
BID
SUNALERT
SECUNIA
sun -- virtualbox
Sun VirtualBox 2.2 through 3.0.2 r49928 allows guest OS users to cause a denial of service (Linux host OS reboot) via a sysenter instruction. 2009-08-07 4.9 CVE-2009-2715
XF
BID
MILW0RM
x.org -- x11
sun -- opensolaris
sun -- solaris
XScreenSaver in Sun Solaris 9 and 10, OpenSolaris before snv_120, and X11 6.4.1 for Solaris 8, when the Xorg or Xnewt server is used, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, a different vulnerability than CVE-2009-1276. 2009-08-07 4.9 CVE-2009-2711
BID
SUNALERT
CONFIRM
zeeways -- zeejobsite
Unrestricted file upload vulnerability in editresume_next.php in Zeeways ZEEJOBSITE 2.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a photo in a profile edit action, then accessing the file via a direct request to jobseekers/logos/. 2009-08-07 6.5 CVE-2008-6913
XF
BID
MILW0RM
zeeways -- zeeproperty
Unrestricted file upload vulnerability in viewprofile.php in Zeeways ZEEPROPERTY 1.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a photo in a profile modification, then accessing a related file via a direct request to the file in companylogo/. 2009-08-07 6.5 CVE-2008-6914
XF
BID
MILW0RM
zeeways -- zeeproperty
Cross-site scripting (XSS) vulnerability in view_prop_details.php in Zeeways ZEEPROPERTY 1.0 allows remote attackers to inject arbitrary web script or HTML via the propid parameter. 2009-08-07 4.3 CVE-2008-6915
XF
BID
MILW0RM
zope -- zodb
Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol. 2009-08-07 6.5 CVE-2009-0668
SECUNIA
SECUNIA
CONFIRM
MLIST
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
sun -- java_system_access_manager
sun -- java_system_web_server
sun -- opensso_enterprise
Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug flag, allows local users to discover cleartext passwords by reading debug files. 2009-08-07 2.1 CVE-2009-2712
SUNALERT
CONFIRM
sun -- java_system_access_manager
sun -- java_system_web_server
The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that "policy advice" is presented to the correct client, which allows remote attackers to obtain sensitive information via unspecified vectors. 2009-08-07 3.5 CVE-2009-2713
CONFIRM