Bulletin (SB09-362)
Vulnerability Summary for the Week of December 21, 2009
|
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis. |
| High Vulnerabilities | ||||
|---|---|---|---|---|
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
|
adobe -- flash_media_server |
Directory traversal vulnerability in Adobe Flash Media Server (FMS) before 3.5.3 allows attackers to load arbitrary DLL files via unspecified vectors. | 2009-12-21 | 10.0 | CVE-2009-3792 BID CONFIRM |
|
alienvault -- open_suource_security_information_management |
AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary commands via shell metacharacters in the uniqueid parameter to (1) wcl.php, (2) storage_graphs.php, (3) storage_graphs2.php, (4) storage_graphs3.php, and (5) storage_graphs4.php in sem/. | 2009-12-21 | 10.0 | CVE-2009-4372 XF BID MISC MISC CONFIRM SECUNIA OSVDB OSVDB OSVDB OSVDB OSVDB |
|
alienvault -- open_suource_security_information_management |
Unrestricted file upload vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in ossiminstall/uploads/. | 2009-12-21 | 9.0 | CVE-2009-4373 MISC CONFIRM SECUNIA |
|
alienvault -- open_suource_security_information_management |
Directory traversal vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to upload files into arbitrary directories via a .. (dot dot) in the id_document parameter. | 2009-12-21 | 7.5 | CVE-2009-4374 MISC MISC SECUNIA |
|
alienvault -- open_suource_security_information_management |
SQL injection vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary SQL commands via the id_document parameter. | 2009-12-21 | 7.5 | CVE-2009-4375 OSVDB MISC CONFIRM SECUNIA |
|
bookingcentre -- booking_system_for_hotels_group |
SQL injection vulnerability in hotel_tiempolibre_ext.php in Venalsur Booking Centre Booking System for Hotels Group, when magic_quotes_gpc is enabled, allows remote attackers to execute arbitrary SQL commands via the NoticiaID parameter and other unspecified vectors. | 2009-12-22 | 7.5 | CVE-2009-4386 VUPEN BUGTRAQ MISC SECUNIA MISC |
|
centreon -- centreon |
Multiple unspecified vulnerabilities in Centreon before 2.1.4 have unknown impact and attack vectors in the (1) ping tool, (2) traceroute tool, and (3) ldap import, possibly related to improper authentication. | 2009-12-21 | 10.0 | CVE-2009-4368 VUPEN |
|
cisco -- webex |
Buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x before 27.10.x for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WebEx Recording Format (WRF) file. | 2009-12-18 | 9.3 | CVE-2009-2875 VUPEN CISCO CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
|
cisco -- webex |
Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2878 and CVE-2009-2879. | 2009-12-18 | 9.3 | CVE-2009-2876 CISCO CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
|
cisco -- webex |
Stack-based buffer overflow in ataudio.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file. | 2009-12-18 | 9.3 | CVE-2009-2877 VUPEN BID CISCO CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
|
cisco -- webex |
Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2876 and CVE-2009-2879. | 2009-12-18 | 9.3 | CVE-2009-2878 VUPEN CISCO CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM SECTRACK |
|
cisco -- webex |
Buffer overflow in atrpui.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x before 27.10.x for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WebEx Recording Format (WRF) file. | 2009-12-18 | 9.3 | CVE-2009-2880 VUPEN CISCO CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
|
daniel_ptzinger -- danp_documentdirs |
SQL injection vulnerability in the Document Directorys (danp_documentdirs) extension 1.10.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2009-12-22 | 7.5 | CVE-2009-4393 CONFIRM |
|
diocese_of_portsmouth -- pd_resources |
SQL injection vulnerability in the Diocese of Portsmouth Resources Database (pd_resources) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2009-12-22 | 7.5 | CVE-2009-4396 CONFIRM |
|
edgewall -- trac edgewall_ -- trac |
Multiple unspecified vulnerabilities in Trac before 0.11.6 have unknown impact and attack vectors, possibly related to (1) "policy checks in report results when using alternate formats" or (2) a "check for the 'raw' role that is missing in docutils < 0.6." | 2009-12-23 | 7.5 | CVE-2009-4405 FEDORA MISC XF VUPEN CONFIRM SECUNIA SECUNIA |
|
f5 -- big-ip_application_security_manager f5 -- big-ip_protocol_security_manager |
Buffer overflow in the bd daemon in F5 Networks BIG-IP Application Security Manager (ASM) 9.4.4 through 9.4.7 and 10.0.0 through 10.0.1, and Protocol Security Manager (PSM) 9.4.5 through 9.4.7 and 10.0.0 through 10.0.1, allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: some of these details are obtained from third party information. | 2009-12-24 | 7.8 | CVE-2009-4420 CONFIRM XF VUPEN SECTRACK BID SECUNIA |
|
fr.simon_rundell -- ste_prayer2 |
SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) extension 0.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2009-12-22 | 7.5 | CVE-2009-4394 CONFIRM |
|
fr.simon_rundell -- hs_religiousartgallery |
SQL injection vulnerability in the Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery) extension 0.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2009-12-22 | 7.5 | CVE-2009-4399 CONFIRM |
|
fr.simon_rundell -- ste_parish_admin |
SQL injection vulnerability in the Parish Administration Database (ste_parish_admin) extension 0.1.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2009-12-22 | 7.5 | CVE-2009-4401 CONFIRM |
|
ghostscript -- ghostscript |
Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file, as originally reported for debug logging code in gdevcups.c in the CUPS output driver. | 2009-12-21 | 9.3 | CVE-2009-4270 CONFIRM VUPEN BID MLIST MLIST SECUNIA OSVDB CONFIRM |
|
gnome -- gpdf kde -- kpdf xpdf -- xpdf |
The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf 2.8.2, kpdf in kdegraphics 3.3.1, and possibly other libraries and versions, does not check the return value of the getNextLine function, which allows context-dependent attackers to execute arbitrary code via a PDF file with a crafted Type 1 font that can produce a negative value, leading to a signed-to-unsigned integer conversion error and a buffer overflow. | 2009-12-21 | 9.3 | CVE-2009-4035 CONFIRM XF VUPEN SECTRACK BID REDHAT REDHAT REDHAT SECUNIA SECUNIA SECUNIA SECUNIA MISC CONFIRM |
|
hp -- openview_storage_data_protector |
Stack-based buffer overflow in OmniInet.exe (aka the backup client service daemon) in the Application Recovery Manager component in HP OpenView Storage Data Protector 5.50 and 6.0 allows remote attackers to execute arbitrary code via an MSG_PROTOCOL command with long arguments, a different vulnerability than CVE-2009-3844. | 2009-12-18 | 10.0 | CVE-2007-2280 MISC SECTRACK |
|
hp -- openview_storage_data_protector |
Integer overflow in the _ncp32._NtrpTCPReceiveMsg function in rds.exe in the Cell Manager Database Service in the Application Recovery Manager component in HP OpenView Storage Data Protector 5.50 and 6.0 allows remote attackers to execute arbitrary code via a large value in the size parameter. | 2009-12-18 | 10.0 | CVE-2007-2281 SECTRACK |
|
ibm -- aix |
Multiple buffer overflows in qoslist in IBM AIX 6.1 allow local users to cause a denial of service (application crash) or possibly gain privileges via a long string argument. NOTE: some of these details are obtained from third party information. | 2009-12-21 | 7.2 | CVE-2009-4361 VUPEN BID AIXAPAR AIXAPAR SECUNIA |
|
ibm -- aix |
Multiple buffer overflows in qosmod in IBM AIX 6.1 allow local users to cause a denial of service (application crash) or possibly gain privileges via long string arguments. NOTE: some of these details are obtained from third party information. | 2009-12-21 | 7.2 | CVE-2009-4362 VUPEN BID AIXAPAR AIXAPAR SECUNIA |
|
intel -- gm45_chipset intel -- pm45_express_chipset intel -- q35_chipset intel -- q43_express_chipset intel -- q45_chipset |
Intel Q35, GM45, PM45 Express, Q45, and Q43 Express chipsets in the SINIT Authenticated Code Module (ACM), which allows local users to bypass the Trusted Execution Technology protection mechanism and gain privileges by modifying the MCHBAR register to point to an attacker-controlled region, which prevents the SENTER instruction from properly applying VT-d protection while an MLE is being loaded. | 2009-12-24 | 7.2 | CVE-2009-4419 XF VUPEN SECTRACK BID MISC CONFIRM SECUNIA OSVDB MISC |
|
jochen_rieger -- car |
SQL injection vulnerability in the Car (car) extension 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2009-12-22 | 7.5 | CVE-2009-4390 CONFIRM |
|
php -- php |
PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive. | 2009-12-21 | 7.5 | CVE-2009-4143 VUPEN BID CONFIRM CONFIRM SECUNIA |
|
php-calendar -- php-calendar |
Multiple absolute path traversal vulnerabilities in PHP-Calendar 1.1 allow remote attackers to include and execute arbitrary local files via a full pathname in the configfile parameter to (1) update08.php or (2) update10.php. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL. | 2009-12-22 | 7.5 | CVE-2009-3702 BUGTRAQ |
|
phpgroupware -- phpgroupware |
Multiple directory traversal vulnerabilities in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allow remote attackers to (1) read arbitrary files via the csvfile parameter to addressbook/csv_import.php, or (2) include and execute arbitrary local files via the conv_type parameter in addressbook/inc/class.uiXport.inc.php. | 2009-12-24 | 7.5 | CVE-2009-4415 XF XF BID OSVDB OSVDB MLIST CONFIRM CONFIRM CONFIRM CONFIRM SECUNIA |
|
piwik -- piwik |
The loadContentFromCookie function in core/Cookie.php in Piwik before 0.5 does not validate strings obtained from cookies before calling the unserialize function, which allows remote attackers to execute arbitrary code or upload arbitrary files via vectors related to the __destruct function in the Piwik_Config class; php://filter URIs; the __destruct functions in Zend Framework, as demonstrated by the Zend_Log destructor; the shutdown functions in Zend Framework, as demonstrated by the Zend_Log_Writer_Mail class; the render function in the Piwik_View class; Smarty templates; and the _eval function in Smarty. | 2009-12-24 | 7.5 | CVE-2009-4137 MISC MISC MISC MLIST MLIST MLIST CONFIRM CONFIRM |
|
roman_marxer -- ganeti |
Multiple directory traversal vulnerabilities in the iallocator framework in Ganeti 1.2.4 through 1.2.8, 2.0.0 through 2.0.4, and 2.1.0 before 2.1.0~rc2 allow (1) remote attackers to execute arbitrary programs via a crafted external script name supplied through the HTTP remote API (RAPI) and allow (2) local users to execute arbitrary programs and gain privileges via a crafted external script name supplied through a gnt-* command, related to "path sanitization errors." | 2009-12-21 | 7.5 | CVE-2009-4261 CONFIRM |
|
sql-ledger -- sql-ledger |
The default configuration of SQL-Ledger 2.8.24 allows remote attackers to perform unspecified administrative operations by providing an arbitrary password to the admin interface. | 2009-12-23 | 7.5 | CVE-2009-4402 BID BUGTRAQ SECUNIA |
|
typo3 -- xds_staff |
SQL injection vulnerability in the XDS Staff List (xds_staff) extension 0.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2009-12-22 | 7.5 | CVE-2009-4392 CONFIRM |
|
valarsoft -- webmatic |
Multiple SQL injection vulnerabilities in Valarsoft Webmatic before 3.0.3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, a different issue than CVE-2008-2925. | 2009-12-22 | 7.5 | CVE-2009-4380 CONFIRM BID |
|
weentech -- weencompany |
SQL injection vulnerability in index.php in weenCompany 4.0.0 allows remote attackers to execute arbitrary SQL commands via the moduleid parameter. NOTE: some of these details are obtained from third party information. | 2009-12-24 | 7.5 | CVE-2009-4423 XF MISC SECUNIA MISC OSVDB |
|
wireshark -- wireshark |
Buffer overflow in the daintree_sna_read function in the Daintree SNA file parser in Wireshark 1.2.0 through 1.2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet. | 2009-12-21 | 9.3 | CVE-2009-4376 CONFIRM MISC VUPEN |
| Back to top | ||||
| Medium Vulnerabilities | ||||
|---|---|---|---|---|
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
|
aditus -- jpgraph |
Multiple cross-site scripting (XSS) vulnerabilities in the GetURLArguments function in jpgraph.php in Aditus Consulting JpGraph 3.0.6 allow remote attackers to inject arbitrary web script or HTML via a key to csim_in_html_ex1.php, and other unspecified vectors. | 2009-12-24 | 4.3 | CVE-2009-4422 BUGTRAQ SECUNIA OSVDB |
|
adobe -- flash_media_server |
Unspecified vulnerability in Adobe Flash Media Server (FMS) before 3.5.3 allows attackers to cause a denial of service (resource exhaustion) via unknown vectors. | 2009-12-21 | 5.0 | CVE-2009-3791 CONFIRM |
|
apc -- ap7932_b2_firmware apc -- ap7932_b2 |
Cross-site scripting (XSS) vulnerability in Forms/login1 in American Power Conversion (APC) Switched Rack PDU AP7932 B2, running rpdu 3.3.3 or 3.7.0 on AOS 3.3.4, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the login_username parameter. | 2009-12-23 | 4.3 | CVE-2009-4406 XF SECTRACK BID BUGTRAQ MISC |
|
condor_project -- condor |
Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and Grid Execute Node for MRG, allows remote authenticated users to queue jobs as an arbitrary user, and thereby gain privileges, by using a Condor command-line tool to modify an unspecified job attribute. | 2009-12-23 | 6.5 | CVE-2009-4133 CONFIRM XF BID REDHAT REDHAT CONFIRM CONFIRM SECTRACK SECUNIA SECUNIA MISC |
|
daniel_regelein -- dr_blob |
Cross-site scripting (XSS) vulnerability in the File list (dr_blob) extension 2.1.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2009-12-22 | 4.3 | CVE-2009-4391 CONFIRM |
|
diocese_of_portsmouth -- pd_resources |
Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth Resources Database (pd_resources) extension 0.1.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2009-12-22 | 4.3 | CVE-2009-4397 CONFIRM |
|
fr.simon_rundell -- ste_prayer2 |
Cross-site scripting (XSS) vulnerability in the Random Prayer 2 (ste_prayer2) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2009-12-22 | 4.3 | CVE-2009-4395 CONFIRM |
|
fr.simon_rundell -- hs_religiousartgallery |
Cross-site scripting (XSS) vulnerability in the Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery) extension 0.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2009-12-22 | 4.3 | CVE-2009-4398 CONFIRM |
|
fr.simon_rundell -- ste_parish_admin |
Cross-site scripting (XSS) vulnerability in the Parish Administration Database (ste_parish_admin) extension 0.1.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2009-12-22 | 4.3 | CVE-2009-4400 CONFIRM |
|
frank_krger -- nl_listman |
Cross-site scripting (XSS) vulnerability in the ListMan (nl_listman) extension 1.2.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2009-12-22 | 4.3 | CVE-2009-4388 CONFIRM |
|
gnome -- networkmanager |
NetworkManager (NM) 0.7.2 does not ensure that the configured Certification Authority (CA) certificate file for a (1) WPA Enterprise or (2) 802.1x network remains present upon a connection attempt, which might allow remote attackers to obtain sensitive information or cause a denial of service (connectivity disruption) by spoofing the identity of a wireless network. | 2009-12-23 | 6.8 | CVE-2009-4144 CONFIRM MLIST CONFIRM CONFIRM |
|
gnu -- automake |
The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete. | 2009-12-19 | 4.6 | CVE-2009-4029 MLIST |
|
horde -- groupware_webmail horde -- groupware_webmail_edition horde -- horde_application_framework horde -- horde_groupware |
Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) phpshell.php, (2) cmdshell.php, or (3) sqlshell.php in admin/, related to the PHP_SELF variable. | 2009-12-21 | 4.3 | CVE-2009-3701 XF VUPEN VUPEN BID BUGTRAQ SECTRACK SECUNIA SECUNIA MLIST MLIST MLIST CONFIRM FULLDISC |
|
horde -- application_framework horde -- groupware |
Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 does not properly handle data: URIs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via data:text/html values for the HREF attribute of an A element in an HTML e-mail message. NOTE: the vendor states that the issue is caused by "an XSS vulnerability in Firefox browsers." | 2009-12-21 | 4.3 | CVE-2009-4363 MLIST MLIST MLIST |
|
jochen_striepe -- t-prot |
Unspecified vulnerability in t-prot (TOFU Protection) before 2.8 allows remote attackers to cause a denial of service via unspecified vectors related to the "--maxlines" option and a crafted email message. NOTE: some of these details are obtained from third party information. | 2009-12-23 | 4.3 | CVE-2009-4404 XF SECUNIA OSVDB CONFIRM |
|
linux -- kernel |
The fuse_ioctl_copy_user function in the ioctl handler in fs/fuse/file.c in the Linux kernel 2.6.29-rc1 through 2.6.30.y uses the wrong variable in an argument to the kunmap function, which allows local users to cause a denial of service (panic) via unknown vectors. | 2009-12-24 | 4.9 | CVE-2009-4410 CONFIRM BID MLIST |
|
manageengine -- password_manager_pro manageengine -- password_manager_pro6.1 |
The cross-site scripting (XSS) protection mechanism in ShowInContentAreaAction.do in ManageEngine Password Manager Pro (PMP) before 6.1 Build 6104 uses case-sensitive checks for malicious inputs, which allows remote attackers to inject arbitrary web script or HTML via the searchtext parameter and other unspecified inputs. | 2009-12-22 | 4.3 | CVE-2009-4387 VUPEN MISC CONFIRM |
|
php -- php |
The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character. | 2009-12-21 | 4.3 | CVE-2009-4142 CONFIRM |
|
php -- php |
The unserialize function in PHP 5.3.0 and earlier allows context-dependent attackers to cause a denial of service (resource consumption) via a deeply nested serialized variable, as demonstrated by a string beginning with a:1: followed by many {a:1: sequences. | 2009-12-24 | 5.0 | CVE-2009-4418 MISC MISC |
|
phpfaber -- phpfaber_content_management_system |
Cross-site scripting (XSS) vulnerability in module.php in PHPFABER CMS, possibly 1.3.36, allows remote attackers to inject arbitrary web script or HTML via the mod parameter. | 2009-12-22 | 4.3 | CVE-2009-4382 VUPEN BID MISC MISC |
|
phpgroupware -- phpgroupware |
SQL injection vulnerability in phpgwapi /inc/class.auth_sql.inc.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the passwd parameter to login.php. | 2009-12-24 | 6.8 | CVE-2009-4414 XF BID OSVDB MLIST CONFIRM CONFIRM CONFIRM SECUNIA |
|
phpgroupware -- phpgroupware |
Cross-site scripting (XSS) vulnerability in login.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter whose name begins with the "phpgw_" sequence. | 2009-12-24 | 4.3 | CVE-2009-4416 MISC |
|
piwik -- piwik teethgrinder.co.uk -- open_flash_chart |
Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3 and possibly other products, when register_globals is enabled, allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension through the name parameter with the code in the HTTP_RAW_POST_DATA parameter, then accessing it via a direct request to the file in tmp-upload-images/. | 2009-12-22 | 4.6 | CVE-2009-4140 XF VUPEN BID OSVDB MLIST MLIST SECUNIA CONFIRM MISC |
|
pps.jussieu -- polipo |
Polipo 1.0.4, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a request with a Cache-Control header that lacks a value for the max-age field, which triggers a segmentation fault in the httpParseHeaders function in http_parse.c, and possibly other unspecified vectors. | 2009-12-24 | 5.0 | CVE-2009-3305 SECUNIA CONFIRM CONFIRM |
|
pps.jussieu -- polipo |
The httpClientDiscardBody function in client.c in Polipo 0.9.8, 0.9.12, 1.0.4, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a request with a large Content-Length value, which triggers an integer overflow, a signed-to-unsigned conversion error with a negative value, and a segmentation fault. | 2009-12-24 | 5.0 | CVE-2009-4413 MLIST MISC SECUNIA CONFIRM |
|
pyforum -- pyforum |
Multiple cross-site request forgery (CSRF) vulnerabilities in PyForum 1.0.3 and possibly earlier versions, and possibly zForum, allow remote attackers to hijack the authentication of victims for requests that change passwords, and other unspecified requests, via unknown vectors. | 2009-12-23 | 6.8 | CVE-2009-4407 XF BUGTRAQ OSVDB SECUNIA |
|
pyforum -- pyforum |
Multiple cross-site scripting (XSS) vulnerabilities in models.parser in PyForum 1.0.3 and possibly earlier versions, and possibly zForum, allow remote attackers to inject arbitrary web script or HTML via crafted BBcode (1) img or (2) url tags, which are not properly handled when a post is viewed. | 2009-12-23 | 4.3 | CVE-2009-4408 XF BUGTRAQ OSVDB SECUNIA |
|
robert_puntigam -- aba_watchdog |
Unspecified vulnerability in the Watchdog (aba_watchdog) extension 2.0.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors. | 2009-12-22 | 5.0 | CVE-2009-4389 CONFIRM SECUNIA |
|
rocomotion -- p_forum |
Directory traversal vulnerability in Pforum.php in Rocomotion P forum before 1.28 allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors. | 2009-12-22 | 5.0 | CVE-2009-4383 CONFIRM CONFIRM |
|
rumbacms -- rumba_xml |
Cross-site scripting (XSS) vulnerability in index.php in Rumba XML 1.8 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. NOTE: some of these details are obtained from third party information. | 2009-12-23 | 4.3 | CVE-2009-4403 XF BUGTRAQ MISC SECUNIA OSVDB |
|
s9y -- serendipity |
Unrestricted file upload vulnerability in Serendipity before 1.5 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in an unspecified directory. NOTE: some of these details are obtained from third party information. | 2009-12-24 | 6.0 | CVE-2009-4412 XF VUPEN MLIST SECUNIA OSVDB CONFIRM |
|
scriptsez -- ez_blog |
Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Blog allows remote attackers to inject arbitrary web script or HTML via the cname parameter, related to the act and id parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2009-12-21 | 4.3 | CVE-2009-4364 XF SECUNIA OSVDB |
|
scriptsez -- ez_blog |
Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Blog 1.0 allows remote attackers to inject arbitrary web script or HTML via the yr parameter in a bmonth action. | 2009-12-21 | 4.3 | CVE-2009-4366 XF SECUNIA MISC OSVDB |
|
scriptsez -- ez_poll_hoster |
Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net Ez Poll Hoster (EPH) allow remote attackers to inject arbitrary web script or HTML via the (1) pid parameter in a code action to index.php and the (2) uid parameter in a view action to profile.php. | 2009-12-22 | 4.3 | CVE-2009-4384 VUPEN MISC SECUNIA MISC |
|
scriptsez -- ez_poll_hoster |
Multiple cross-site request forgery (CSRF) vulnerabilities in Scriptsez.net Ez Poll Hoster (EPH) allow remote attackers to (1) hijack the authentication of arbitrary users for requests that delete polls via the delete_poll action to index.php; and hijack the authentication of administrators for requests that (2) delete users via the manage action to admin.php, or (3) send arbitrary email to arbitrary users in the email action to admin.php. | 2009-12-22 | 6.8 | CVE-2009-4385 VUPEN MISC SECUNIA MISC |
|
sitecore -- staging_module |
The Staging Webservice ("sitecore modules/staging/service/api.asmx") in Sitecore Staging Module 5.4.0 rev.080625 and earlier allows remote attackers to bypass authentication and (1) upload files, (2) download files, (3) list directories, and (4) clear the server cache via crafted SOAP requests with arbitrary Username and Password values, possibly related to a direct request. | 2009-12-21 | 6.8 | CVE-2009-4367 MISC XF BID BUGTRAQ MISC SECUNIA OSVDB |
|
sphpblog -- sphpblog |
Directory traversal vulnerability in languages_cgi.php in Simple PHP Blog 0.5.1 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the blog_language1 parameter. | 2009-12-24 | 6.5 | CVE-2009-4421 XF BID BUGTRAQ FULLDISC |
|
sql-ledger -- sql-ledger |
Cross-site request forgery (CSRF) vulnerability in am.pl in SQL-Ledger 2.8.24 allows remote attackers to hijack the authentication of arbitrary users for requests that change a password via the login, new_password, and confirm_password parameters in a preferences action. | 2009-12-23 | 6.8 | CVE-2009-3580 XF BUGTRAQ SECUNIA |
|
sql-ledger -- sql-ledger |
Multiple SQL injection vulnerabilities in the delete subroutine in SQL-Ledger 2.8.24 allow remote authenticated users to execute arbitrary SQL commands via the (1) id and possibly (2) db parameters in a Delete action to the output of a Vendors>Reports>Search search operation. | 2009-12-23 | 6.5 | CVE-2009-3582 XF BID BUGTRAQ SECUNIA |
|
sql-ledger -- sql-ledger |
Directory traversal vulnerability in the Preferences menu item in SQL-Ledger 2.8.24 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the countrycode field. | 2009-12-23 | 5.1 | CVE-2009-3583 XF BID BUGTRAQ SECUNIA |
|
sql-ledger -- sql-ledger |
SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | 2009-12-23 | 5.0 | CVE-2009-3584 XF BID BUGTRAQ SECUNIA |
|
texmedia -- million_pixel_script |
Cross-site scripting (XSS) vulnerability in index.php in texmedia Million Pixel Script 3 allows remote attackers to inject arbitrary web script or HTML via the pa parameter. NOTE: some of these details are obtained from third party information. | 2009-12-22 | 4.3 | CVE-2009-4381 XF BID MISC SECUNIA MISC OSVDB |
|
valarsoft -- webmatic |
Multiple cross-site scripting (XSS) vulnerabilities in Valarsoft Webmatic before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-2924. | 2009-12-22 | 4.3 | CVE-2009-4379 CONFIRM BID |
|
wireshark -- wireshark |
The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 allow remote attackers to cause a denial of service (crash) via a crafted packet, as demonstrated by fuzz-2009-12-07-11141.pcap. | 2009-12-21 | 4.3 | CVE-2009-4377 CONFIRM CONFIRM VUPEN SECTRACK BID SECUNIA OSVDB |
|
wireshark -- wireshark |
The IPMI dissector in Wireshark 1.2.0 through 1.2.4, when running on Windows, allows remote attackers to cause a denial of service (crash) via a crafted packet, related to "formatting a date/time using strftime." | 2009-12-21 | 4.3 | CVE-2009-4378 VUPEN |
|
zend -- framework |
The shutdown function in the Zend_Log_Writer_Mail class in Zend Framework (ZF) allows context-dependent attackers to send arbitrary e-mail messages to any recipient address via vectors related to "events not yet mailed." | 2009-12-24 | 5.0 | CVE-2009-4417 MISC MISC |
| Back to top | ||||
| Low Vulnerabilities | ||||
|---|---|---|---|---|
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
|
drupal -- drupal |
Cross-site scripting (XSS) vulnerability in the Contact module (modules/contact/contact.admin.inc or modules/contact/contact.module) in Drupal Core 5.x before 5.21 and 6.x before 6.15 allows remote authenticated users with "administer site-wide contact form" permissions to inject arbitrary web script or HTML via the contact category name. | 2009-12-21 | 3.5 | CVE-2009-4369 MISC CONFIRM |
|
drupal -- drupal |
Cross-site scripting (XSS) vulnerability in the Menu module (modules/menu/menu.admin.inc) in Drupal Core 6.x before 6.15 allows remote authenticated users with permissions to create new menus to inject arbitrary web script or HTML via a menu description, which is not properly handled in the menu administration overview. | 2009-12-21 | 3.5 | CVE-2009-4370 SECUNIA CONFIRM |
|
drupal -- drupal |
Cross-site scripting (XSS) vulnerability in the Locale module (modules/locale/locale.module) in Drupal Core 6.14, and possibly other versions including 6.15, allows remote authenticated users with "administer languages" permissions to inject arbitrary web script or HTML via the (1) Language name in English or (2) Native language name fields in the Custom language form. | 2009-12-21 | 3.5 | CVE-2009-4371 MISC |
|
gnome -- networkmanager |
nm-connection-editor in NetworkManager (NM) 0.7.x exports connection objects over D-Bus upon actions in the connection editor GUI, which allows local users to obtain sensitive information by reading D-Bus signals, as demonstrated by using dbus-monitor to discover the password for the WiFi network. | 2009-12-23 | 2.1 | CVE-2009-4145 CONFIRM CONFIRM CONFIRM |
|
iij -- seil/b1 |
The (1) CHAP and (2) MS-CHAP-V2 authentication capabilities in the PPP Access Concentrator (PPPAC) function in Internet Initiative Japan SEIL/B1 firmware 1.00 through 2.52 use the same challenge for each authentication attempt, which allows remote attackers to bypass authentication via a replay attack. | 2009-12-23 | 2.6 | CVE-2009-4409 CONFIRM BID OSVDB SECUNIA JVNDB JVN |
|
scriptsez -- ez_blog |
Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ScriptsEz Ez Blog 1.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a blog via the add_blog action, (2) approve a comment via the approve_comment action, (3) change administrator information including the password via the admin_opt action, and (4) delete a blog via the delete action. | 2009-12-21 | 3.5 | CVE-2009-4365 XF SECUNIA MISC OSVDB |
|
sql-ledger -- sql-ledger |
Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger 2.8.24 allow remote authenticated users to inject arbitrary web script or HTML via (1) the DCN Description field in the Accounts Receivables menu item for Add Transaction, (2) the Description field in the Accounts Payable menu item for Add Transaction, or the name field in (3) the Customers menu item for Add Customer or (4) the Vendor menu item for Add Vendor. | 2009-12-23 | 3.5 | CVE-2009-3581 XF BID BUGTRAQ SECUNIA |
|
xfs -- acl |
The (1) setfacl and (2) getfacl commands in XFS acl 2.2.47, when running in recursive (-R) mode, follow symbolic links even when the --physical (aka -P) or -L option is specified, which might allow local users to modify the ACL for arbitrary files or directories via a symlink attack. | 2009-12-24 | 3.7 | CVE-2009-4411 BID |
| Back to top | ||||
This product is provided subject to this Notification and this Privacy & Use policy.
