Contents
Cal Poly Pomona

Latest Windows and Mac Bulletins

Windows and Mac

Report date: March 16, 2009  Date posted: March 16, 2009

This report combines relevant bulletins from SANS, Secunia and CERT. The wording is original with some "back" links added where needed. The CERT index lists vulnerabilities with and without solutions. Click the link for specific information.

At a very minimum, look at the SANS bulletins as they include the top issues on a weekly basis. Next, review Secunia for a more complete listing with well structured bulletins avaiable as external links. Finally, the CERT section contains very detailed information and many newly discovered vulnerabilities and updates on existing issues.

Tip: highlight any link below to reveal the criticality or priority.

SANS Bulletin - Vol 8 Num 10

Secunia Bulletin - 2009-10

CERT Bulletin - SB09-068

Note:there may be multiple issues for each product link. Scroll down after clicking the link.

BULLETIN DETAIL

CERT Bulletin

Vulnerability Summary for the Week of March 2, 2009

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities
Primary
Vendor -- Product		DescriptionPublished CVSS ScoreSource & Patch Info
back 1scripts -- z1exchange
 SQL injection vulnerability in showads.php in Z1Exchange allows remote attackers to execute arbitrary SQL commands via the id parameter.2009-03-027.5CVE-2008-6392
XF
MISC
back 3com -- wireless 8760 dual-radio
 The web management interface in 3Com Wireless 8760 Dual Radio 11a/b/g PoE Access Point allows remote attackers to cause a denial of service (device crash) via a malformed HTTP POST request.2009-03-047.8CVE-2008-6395
XF
BID
SECUNIA
FULLDISC
back activewebsoftwares -- active web helpdesk
 SQL injection vulnerability in default.aspx in Active Web Helpdesk 2.0 allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter.2009-03-027.5CVE-2008-6380
XF
BID
MILW0RM
SECUNIA
back adserversolutions -- banner exchange software
 SQL injection vulnerability in logon process.jsp in Ad Server Solutions Banner Exchange Solution Java allows remote attackers to execute arbitrary SQL commands via the (1) username (uname parameter) and (2) password (pass parameter). NOTE: some of these details are obtained from third party information.2009-03-027.5CVE-2008-6364
XF
BID
MILW0RM
SECUNIA
MISC
back adserversolutions -- ad management software
 SQL injection vulnerability in logon.jsp in Ad Server Solutions Ad Management Software Java allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password, related to the uname or pass parameters to logon.jsp or logon processing.jsp. NOTE: some of these details are obtained from third party information.2009-03-027.5CVE-2008-6365
XF
BID
MILW0RM
SECUNIA
back adserversolutions -- affiliate software java
 SQL injection vulnerability in logon.jsp in Ad Server Solutions Affiliate Software Java 4.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password, possibly related to the uname and pass parameters to logon process.jsp. NOTE: some of these details are obtained from third party information.2009-03-027.5CVE-2008-6366
XF
BID
MILW0RM
SECUNIA
MISC
back aj square -- aj auction
 SQL injection vulnerability in detail.php in AJ Auction Pro Platinum Skin 2 allows remote attackers to execute arbitrary SQL commands via the item id parameter.2009-03-067.5CVE-2008-6414
MILW0RM
back aliensoftcorp -- rae media contact management
 SQL injection vulnerability in asadmin/default.asp in Rae Media Contact Management Software SOHO, Standard, and Enterprise allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: some of these details are obtained from third party information.2009-03-027.5CVE-2008-6389
BID
MILW0RM
SECUNIA
back andrew freed -- quotebook
 Multiple SQL injection vulnerabilities in QuoteBook allow remote attackers to execute arbitrary SQL commands via the (1) MyBox and (2) selectFavorites parameters to (a) quotes.php and the (3) QuoteName and (4) QuoteText parameters to (b) quotesadd.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.2009-03-057.5CVE-2009-0829
SECUNIA
back ausimods -- e-cart
 SQL injection vulnerability in items.php in the E-Cart module 1.3 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the CA parameter.2009-03-057.5CVE-2009-0832
BID
BUGTRAQ
MILW0RM
back avahi -- avahi-daemon
 The originates from local legacy unicast socket function in avahi-core/server.c in avahi-daemon 0.6.23 does not account for the network byte order of a port number when processing incoming multicast packets, which allows remote attackers to cause a denial of service (network bandwidth and CPU consumption) via a crafted legacy unicast mDNS query packet that triggers a multicast packet storm.2009-03-037.8CVE-2009-0758
MLIST
MISC
back bookelves -- kipper
 Directory traversal vulnerability in index.php in Kipper 2.01 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the configfile parameter.2009-03-067.5CVE-2009-0765
BID
MILW0RM
SECUNIA
back bookelves -- kipper
 Directory traversal vulnerability in default.php in Kipper 2.01 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the configfile parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.2009-03-067.5CVE-2009-0766
SECUNIA
back bpsoft -- hex workshop
 Stack-based buffer overflow in BreakPoint Software Hex Workshop 4.23, 6.0.1.4603, and other 6.x and earlier versions allows remote attackers to execute arbitrary code via a crafted Intel Hex Code (.hex) file. NOTE: some of these details are obtained from third party information.2009-03-049.3CVE-2009-0812
XF
BID
BUGTRAQ
MILW0RM
SECUNIA
back brian wilson -- ol'bookmarks
 Directory traversal vulnerability in frame.php in ol'bookmarks manager 0.7.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the framefile parameter.2009-03-067.5CVE-2008-6407
BID
MILW0RM
back brian wilson -- ol'bookmarks
 PHP remote file inclusion vulnerability in frame.php in ol'bookmarks manager 0.7.5 allows remote attackers to execute arbitrary PHP code via a URL in the framefile parameter.2009-03-067.5CVE-2008-6408
BID
MILW0RM
back brian wilson -- ol'bookmarks
 SQL injection vulnerability in index.php in ol'bookmarks manager 0.7.5 allows remote attackers to execute arbitrary SQL commands via the id parameter in a brain action.2009-03-067.5CVE-2008-6409
MILW0RM
back brian wilson -- ol'bookmarks
 Directory traversal vulnerability in show.php in ol'bookmarks manager 0.7.5 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the show parameter.2009-03-067.5CVE-2008-6410
BID
MILW0RM
back capilano -- designworks
 Stack-based buffer overflow in DesignWorks Professional 4.3.1 and 5.0.7 allows remote attackers to execute arbitrary code via a crafted .cct file. NOTE: some of these details are obtained from third party information.2009-03-029.3CVE-2008-6363
VUPEN
BID
MILW0RM
SECUNIA
back chipmunk scripts -- chipmunk guestbook
 SQL injection vulnerability in index.php in Chipmunk Guestbook 1.4m allows remote attackers to execute arbitrary SQL commands via the start parameter.2009-03-027.5CVE-2008-6368
XF
SECUNIA
MISC
OSVDB
back cisco -- session border controller
 Unspecified vulnerability in the Session Border Controller (SBC) before 3.0(2) for Cisco 7600 series routers allows remote attackers to cause a denial of service (SBC card reload) via crafted packets to TCP port 2000.2009-03-047.8CVE-2009-0619
XF
BID
CISCO
back cosmin truta -- optipng
 Use-after-free vulnerability in the GIFReadNextExtension function in lib/pngxtern/gif/gifread.c in OptiPNG 0.6.2 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted GIF image that causes the realloc function to return a new pointer, which triggers memory corruption when the old pointer is accessed.2009-03-029.3CVE-2009-0749
VUPEN
BID
CONFIRM
back cs-cart -- cs-cart
 SQL injection vulnerability in core/user.php in CS-Cart 1.3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the cs cookies[customer user id] cookie parameter.2009-03-047.5CVE-2008-6394
XF
BID
BUGTRAQ
MILW0RM
MISC
SECUNIA
back explay -- explay cms
 Explay CMS 2.1 and earlier allows remote attackers to bypass authentication and gain administrative access by setting the login cookie to 1.2009-03-067.5CVE-2008-6411
XF
BID
MILW0RM
back ezonelink -- multiple membership script
 SQL injection vulnerability in sitepage.php in Multiple Membership Script 2.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.2009-03-027.5CVE-2008-6362
BID
MILW0RM
SECUNIA
back greatclone -- hotscripts clone
 SQL injection vulnerability in showcategory.php in Hotscripts Clone allows remote attackers to execute arbitrary SQL commands via the cid parameter.2009-03-067.5CVE-2008-6405
BID
MILW0RM
back ibm -- aix
 Buffer overflow in pppdial in IBM AIX 5.3 and 6.1 allows local users to gain privileges via a long "input string."2009-03-047.2CVE-2009-0779
VUPEN
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
back imera -- teamlinks
 Insecure method vulnerability in the ImeraIEPlugin ActiveX control (ImeraIEPlugin.dll 1.0.2.54) in Imera TeamLinks Client allows remote attackers to force the download and execution of arbitrary URLs via modified DownloadProtocol, DownloadHost, DownloadPort, and DownloadURI parameters.2009-03-049.3CVE-2009-0813
XF
VUPEN
MILW0RM
SECUNIA
back jetik -- jetik-web
 SQL injection vulnerability in sayfa.php in JETIK-WEB allows remote attackers to execute arbitrary SQL commands via the kat parameter.2009-03-067.5CVE-2008-6401
BID
MILW0RM
back linux -- kernel
 The audit syscall entry function in the Linux kernel 2.6.28.7 and earlier on the x86 64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass certain syscall audit configurations via crafted syscalls, a related issue to CVE-2009-0342 and CVE-2009-0343.2009-03-067.2CVE-2009-0834
CONFIRM
XF
BID
SECUNIA
MISC
MLIST
MLIST
MLIST
CONFIRM
back linux -- kernel
 The secure computing function in kernel/seccomp.c in the seccomp subsystem in the Linux kernel 2.6.28.7 and earlier on the x86 64 platform, when CONFIG SECCOMP is enabled, does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass intended access restrictions via crafted syscalls that are misinterpreted as (a) stat or (b) chmod, a related issue to CVE-2009-0342 and CVE-2009-0343.2009-03-067.2CVE-2009-0835
MISC
SECUNIA
MISC
MISC
MISC
MLIST
MLIST
MLIST
back manzovi -- proquiz
 SQL injection vulnerability in index.php in ProQuiz 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter, a different vector than CVE-2008-6312.2009-02-277.5CVE-2008-6327
XF
XF
MILW0RM
back mega-nerd -- libsndfile
nullsoft -- winamp
 Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow.2009-03-049.3CVE-2009-0186
VUPEN
VUPEN
BID
BUGTRAQ
BUGTRAQ
CONFIRM
MISC
MISC
SECUNIA
SECUNIA
back mozilla -- firefox
mozilla -- seamonkey
mozilla -- thunderbird
 The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures.2009-03-0410.0CVE-2009-0771
CONFIRM
CONFIRM
back mozilla -- firefox
mozilla -- seamonkey
mozilla -- thunderbird
 The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which triggers memory corruption.2009-03-049.3CVE-2009-0772
CONFIRM
CONFIRM
back mozilla -- firefox
mozilla -- seamonkey
mozilla -- thunderbird
 The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js DecompileValueGenerator, jsopcode.cpp, defineSetter , and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, defineSetter , and watch, which triggers a hang.2009-03-0410.0CVE-2009-0773
CONFIRM
back mozilla -- firefox
mozilla -- seamonkey
mozilla -- thunderbird
 The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773.2009-03-049.3CVE-2009-0774
CONFIRM
CONFIRM
back mozilla -- firefox
mozilla -- seamonkey
mozilla -- thunderbird
 Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not properly handled during garbage collection.2009-03-0410.0CVE-2009-0775
CONFIRM
CONFIRM
back mozilla -- firefox
mozilla -- seamonkey
mozilla -- thunderbird
 nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.2009-03-047.1CVE-2009-0776
CONFIRM
CONFIRM
back mpfr -- gnu mpfr
 Multiple buffer overflows in GNU MPFR 2.4.0 allow context-dependent attackers to cause a denial of service (crash) via the (1) mpfr snprintf and (2) mpfr vsnprintf functions.2009-03-037.5CVE-2009-0757
MLIST
CONFIRM
back muskatli -- sofi webgui
 PHP remote file inclusion vulnerability in hu/modules/reg-new/modstart.php in Sofi WebGui 0.6.3 PRE and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mod dir parameter.2009-03-067.5CVE-2008-6402
BID
MILW0RM
back mxmania -- calendar mx professional
 SQL injection vulnerability in calendar Eventupdate.asp in Calendar Mx Professional 2.0.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.2009-03-027.5CVE-2008-6378
XF
BID
MILW0RM
SECUNIA
back mxmania -- gallery mx
 SQL injection vulnerability in pics pre.asp in Gallery MX 2.0.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.2009-03-027.5CVE-2008-6379
XF
BID
MILW0RM
SECUNIA
back myplugins -- gen msn
 Heap-based buffer overflow in gen msn.dll in the gen msn plugin 0.31 for Winamp 5.541 allows remote attackers to execute arbitrary code via a playlist (.pls) file with a long URL in the File1 field. NOTE: some of these details are obtained from third party information.2009-03-059.3CVE-2009-0833
BID
MILW0RM
SECUNIA
back nexusjnr -- jbook
 SQL injection vulnerability in main.asp in Jbook allows remote attackers to execute arbitrary SQL commands via the password (pass parameter).2009-03-027.5CVE-2008-6376
XF
BID
MISC
back nexusjnr -- jbook
 SQL injection vulnerability in main.asp in Jbook allows remote attackers to execute arbitrary SQL commands via the username (user parameter).2009-03-027.5CVE-2008-6391
XF
back ocean12tech -- contact manager pro
 SQL injection vulnerability in default.asp in Ocean12 Contact Manager Pro 1.02 allows remote attackers to execute arbitrary SQL commands via the Sort parameter.2009-03-027.5CVE-2008-6369
XF
BID
MILW0RM
SECUNIA
OSVDB
back ocean12tech -- membership manager pro
 SQL injection vulnerability in login.asp in Ocean12 Membership Manager Pro allows remote attackers to execute arbitrary SQL commands via the username (Username parameter).2009-03-027.5CVE-2008-6371
XF
BID
MILW0RM
SECUNIA
OSVDB
back ocean12tech -- faq manager pro
 SQL injection vulnerability in default.asp in Ocean12 FAQ Manager Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a Cat action. NOTE: some of these details are obtained from third party information.2009-03-027.5CVE-2008-6372
BID
MILW0RM
SECUNIA
back ocean12tech -- membership manager pro
 SQL injection vulnerability in login.asp in Ocean12 Membership Manager Pro allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.2009-03-027.5CVE-2008-6390
XF
OSVDB
MILW0RM
SECUNIA
back openrat -- openrat
 PHP remote file inclusion vulnerability in themes/default/include/html/insert.inc.php in OpenRat 0.8-beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tpl dir parameter.2009-03-067.5CVE-2008-6403
BID
MILW0RM
back php.brickhost -- phpscheduleit
 Multiple eval injection vulnerabilities in phpScheduleIt before 1.2.11 allow remote attackers to execute arbitrary code via (1) the end date parameter to reserve.php and (2) the start date and end date parameters to check.php. NOTE: the start date/reserve.php vector is already covered by CVE-2008-6132.2009-03-047.5CVE-2009-0820
VUPEN
CONFIRM
CONFIRM
CONFIRM
back phpbb-seo -- multi seo phpbb
 PHP remote file inclusion vulnerability in include/global.php in Multi SEO phpBB 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the pfad parameter.2009-03-027.5CVE-2008-6377
BID
MILW0RM
SECUNIA
back psi-im -- psi
 PSI Jabber client before 0.12.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file transfer request with a negative value in a SOCKS5 option, which bypasses a signed integer check and triggers an integer overflow and a heap-based buffer overflow.2009-03-0310.0CVE-2008-6393
CONFIRM
back qbik -- wingate
 Qbik WinGate, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.2009-03-047.1CVE-2009-0802
CERT-VN
BID
back simple cmms -- simplecmms
 Multiple SQL injection vulnerabilities in SimpleCMMS before 0.1.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.2009-03-047.5CVE-2009-0808
XF
VUPEN
CONFIRM
back sixapart -- movable type
 Unspecified vulnerability in Movable Type Pro and Community Solution 4.x before 4.24 has unknown impact and attack vectors, possibly related to the password recovery mechanism.2009-03-0210.0CVE-2009-0752
CONFIRM
back smoothwall -- networkguardian
smoothwall -- schoolguardian
smoothwall -- smoothguardian
 SmoothWall SmoothGuardian, as used in SmoothWall Firewall, NetworkGuardian, and SchoolGuardian 2008, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.2009-03-047.1CVE-2009-0803
CERT-VN
BID
CONFIRM
back socialgroupie -- social groupie
 SQL injection vulnerability in group index.php in Social Groupie allows remote attackers to execute arbitrary SQL commands via the id parameter.2009-03-027.5CVE-2008-6358
BID
MILW0RM
SECUNIA
back socialgroupie -- social groupie
 Unrestricted file upload vulnerability in Photos/create album.php in Social Groupie allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in Member images/.2009-03-028.5CVE-2008-6367
MILW0RM
SECUNIA
back sopcast -- sopcore activex control
 Insecure method vulnerability in the SopCast SopCore ActiveX control in sopocx.ocx 3.0.3.501 allows remote attackers to execute arbitrary programs via an executable file name in the argument to the SetExternalPlayer method.2009-03-047.5CVE-2009-0811
XF
BID
BUGTRAQ
MISC
back squid -- squid web proxy cache
 Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.2009-03-047.1CVE-2009-0801
CERT-VN
BID
back tombstone -- smnews
 SQL injection vulnerability in login.php in the smNews example script for txtSQL 2.2 Final allows remote attackers to execute arbitrary SQL commands via the username parameter.2009-03-027.5CVE-2009-0750
XF
MILW0RM
back torrenttrader -- torrenttrader
 SQL injection vulnerability in scrape.php in TorrentTrader before 2008-05-13 allows remote attackers to execute arbitrary SQL commands via the info hash parameter.2009-03-067.5CVE-2008-6418
BID
CONFIRM
back vignette -- vignette content management
 Unspecified vulnerability in Vignette Content Management 7.3.0.5, 7.3.1, 7.3.1.1, 7.4, and 7.5 allows "low privileged" users to gain administrator privileges via unknown attack vectors.2009-03-067.5CVE-2008-6412
CONFIRM
back wesnoth -- wesnoth
 The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical module name to access the unsafe module through the whitelisted module.2009-03-049.3CVE-2009-0367
CONFIRM
CONFIRM
VUPEN
back xatrix -- xguestbook
 SQL injection vulnerability in login.php in xGuestbook 2.0 allows remote attackers to execute arbitrary SQL commands via the user parameter.2009-03-047.5CVE-2009-0810
XF
VUPEN
BID
MILW0RM
back yapbb -- yapbb
 SQL injection vulnerability in forumhop.php in YapBB 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the forumID parameter in a next action.2009-03-067.5CVE-2009-0768
BID
MILW0RM
back youngzsoft -- ccproxy
 Buffer overflow in YoungZSoft CCProxy 6.5 might allow remote attackers to execute arbitrary code via a CONNECTION request with a long hostname.2009-03-0610.0CVE-2008-6415
XF
SECTRACK
SECUNIA
MISC
back zfeeder -- zfeeder
 zFeeder 1.6 allows remote attackers to gain administrative access via a direct request to admin.php.2009-03-047.5CVE-2009-0807
XF
MILW0RM
back ziproxy -- ziproxy
 Ziproxy 2.6.0, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.2009-03-047.1CVE-2009-0804
CERT-VN
BID
CONFIRM
Medium Vulnerabilities
Primary
Vendor -- Product		DescriptionPublished CVSS ScoreSource & Patch Info
back 1scripts -- z1exchange
 Cross-site scripting (XSS) vulnerability in showads.php in Z1Exchange 1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.2009-03-024.3CVE-2008-6386
XF
MISC
back 4u2ges -- rapid classified
 Rapid Classified 3.1 and 3.15 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to cldb.mdb.2009-03-025.0CVE-2008-6388
XF
MILW0RM
back activewebsoftwares -- quick tree view .net
 Quick Tree View .NET 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to qtv.mdb.2009-03-025.0CVE-2008-6387
VUPEN
MILW0RM
back andrew freed -- pollhelper
 PollHelper stores poll.inc under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request.2009-03-055.0CVE-2009-0827
XF
MILW0RM
SECUNIA
OSVDB
back andrew freed -- quotebook
 Cross-site scripting (XSS) vulnerability in QuoteBook allows remote attackers to inject arbitrary web script or HTML via the (1) QuoteName and (2) QuoteText parameters to quotesadd.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.2009-03-054.3CVE-2009-0830
SECUNIA
back aspportal -- aspportal
 ASP Portal 3.2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to ASPPortal.mdb.2009-03-025.0CVE-2008-6382
MILW0RM
SECUNIA
OSVDB
back bcoos -- bcoos
 SQL injection vulnerability in modules/adresses/viewcat.php in bcoos 1.0.13, and possibly earlier, allows remote authenticated users with Addresses module permissions to execute arbitrary SQL commands via the cid parameter.2009-03-024.6CVE-2008-6381
XF
BID
MILW0RM
SECUNIA
OSVDB
back blogsa -- blogsa
 Cross-site scripting (XSS) vulnerability in Widgets.aspx in Blogsa 1.0 Beta 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchText parameter.2009-03-044.3CVE-2009-0814
XF
BID
BUGTRAQ
back bookelves -- kipper
 Cross-site scripting (XSS) vulnerability in default.php in Kipper 2.01 allows remote attackers to inject arbitrary web script or HTML via the charm parameter.2009-03-064.3CVE-2009-0763
BID
MILW0RM
SECUNIA
back bookelves -- kipper
 Multiple cross-site scripting (XSS) vulnerabilities in Kipper 2.01 allow remote attackers to inject arbitrary web script or HTML via the charm parameter to (1) index.php and (2) kipper.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.2009-03-064.3CVE-2009-0764
SECUNIA
back bookelves -- kipper
 Kipper 2.01 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing credentials via a direct request for job/config.data.2009-03-065.0CVE-2009-0767
MILW0RM
SECUNIA
back celerondude -- uploader
 Cross-site scripting (XSS) vulnerability in account.php in Celerondude Uploader 6.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: some of these details are obtained from third party information.2009-03-044.3CVE-2008-6396
XF
BID
SECUNIA
MISC
back codefixer -- mailinglistpro
 CodefixerSoftware MailingListPro Free Edition stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to db/MailingList.mdb.2009-03-025.0CVE-2008-6374
XF
MILW0RM
SECUNIA
back curl -- curl
curl -- libcurl
 The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL.2009-03-046.8CVE-2009-0037
VUPEN
BID
CONFIRM
CONFIRM
back datalifecms -- datalife engine
 Cross-site scripting (XSS) vulnerability in admin.php in DataLife Engine (DLE) 7.2 allows remote attackers to inject arbitrary web script or HTML via the query string.2009-03-064.3CVE-2008-6406
XF
BID
BUGTRAQ
SECUNIA
back dkim -- dkim-milter
 dkim-milter 2.6.0 through 2.8.0 allows remote attackers to cause a denial of service (crash) by signing a message with a key that has been revoked in DNS, which triggers an assertion error.2009-03-065.0CVE-2009-0770
BID
DEBIAN
CONFIRM
back donnafontenot -- evcal events calendar
 evCal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to (1) evcal.mdb and (2) evcal97.mdb.2009-03-025.0CVE-2008-6356
XF
MILW0RM
back donnafontenot -- mycal personal events calendar
 MyCal Personal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to mycal.mdb.2009-03-025.0CVE-2008-6357
XF
MILW0RM
back dotnetnuke -- dotnetnuke
 Unspecified vulnerability in DotNetNuke 4.5.2 through 4.9 allows remote attackers to "add additional roles to their user account" via unknown attack vectors.2009-03-055.5CVE-2008-6399
BID
CONFIRM
SECUNIA
OSVDB
back drupal -- storm
 SQL injection vulnerability in SpeedTech Organization and Resource Manager (Storm) 5.x before 5.x-1.14 and 6.x before 6.x-1.18, a module for Drupal, allows remote authenticated users with storm project access to execute arbitrary SQL commands via unspecified vectors.2009-03-026.0CVE-2008-6383
BID
CONFIRM
back drupal -- comment mail
 Multiple cross-site request forgery (CSRF) vulnerabilities in Comment Mail 5.x before 5.x-1.1, a module for Drupal, allow remote attackers to perform unauthorized actions as administrators via unspecified vectors.2009-03-026.8CVE-2008-6384
CONFIRM
back eric raymond -- sng
 sng regress in SNG 1.0.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/recompiled$$.png, (2) /tmp/decompiled$$.sng, and (3) /tmp/canonicalized$$.sng temporary files.2009-03-046.9CVE-2008-6398
XF
BID
MLIST
CONFIRM
back extrosoft -- thyme
 Cross-site scripting (XSS) vulnerability in add calendars.php in eXtrovert Software Thyme 1.3 allows remote attackers to inject arbitrary web script or HTML via the callback parameter.2009-03-064.3CVE-2008-6404
XF
BID
MISC
back freedville -- bloghelper
 BlogHelper stores common db.inc under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request.2009-03-055.0CVE-2009-0826
XF
MILW0RM
SECUNIA
back freedville -- quotebook
 QuoteBook stores quotes.inc under the web root with insufficient access control, which allows remote attackers to obtain sensitive database information, including user credentials, via a direct request.2009-03-055.0CVE-2009-0828
MILW0RM
SECUNIA
back greensql -- greensql-console
 Multiple cross-site scripting (XSS) vulnerabilities in GreenSQL-Console before 0.3.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "internal pages."2009-03-064.3CVE-2008-6416
CONFIRM
back greensql -- greensql-console
 Unspecified vulnerability in GreenSQL-Console before 0.3.5 allows attackers to obtain the "installation directory" via unknown vectors.2009-03-065.0CVE-2008-6417
CONFIRM
SECUNIA
back ibm -- aix
 The kernel in IBM AIX 5.2 and 5.3 does not properly handle resizing JFS2 filesystems on concurrent volume groups spread across multiple nodes, which allows local users of one node to cause a denial of service (remote node crash) by using chfs or lreducelv to reduce a filesystem's size.2009-03-064.9CVE-2008-1594
BID
back impresscms -- impresscms
 Cross-site scripting (XSS) vulnerability in the userranks feature in modules/system/admin.php in ImpressCMS 1.0.2 final allows remote attackers to inject arbitrary web script or HTML via the rank title parameter. NOTE: some of these details are obtained from third party information.2009-03-024.3CVE-2008-6360
CONFIRM
SECUNIA
back insun podcast -- feedcms
 Directory traversal vulnerability in index.php in InSun Feed CMS 1.7.3 19Beta allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the lang parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.2009-03-026.8CVE-2008-6361
XF
MISC
BID
back linux -- kernel
 The clone system call in the Linux kernel 2.6.28 and earlier allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child process with the CLONE PARENT flag, and then letting this new process exit.2009-02-276.3CVE-2009-0028
CONFIRM
MISC
MISC
SUSE
back linux -- kernel
 The ext4 fill super function in fs/ext4/super.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate the superblock configuration, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) by attempting to mount a crafted ext4 filesystem.2009-02-274.9CVE-2009-0748
VUPEN
CONFIRM
CONFIRM
CONFIRM
CONFIRM
back mihai bazon -- pical
 Cross-site scripting (XSS) vulnerability in piCal 0.91h and earlier, a module for XOOPS, allows remote attackers to inject arbitrary web script or HTML via the event id parameter in index.php.2009-03-044.3CVE-2009-0805
CONFIRM
CONFIRM
back mldonkey -- mldonkey
 Absolute path traversal vulnerability in MLDonkey 2.8.4 through 2.9.7 allows remote attackers to read arbitrary files via a leading "//" (double slash) in the filename.2009-03-035.0CVE-2009-0753
MLIST
SECUNIA
CONFIRM
back mozilla -- firefox
mozilla -- seamonkey
mozilla -- thunderbird
 Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decodes invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks.2009-03-045.8CVE-2009-0777
CONFIRM
CONFIRM
back mozilla -- firefox
 Mozilla Firefox 2.0.0.20 and earlier allows remote attackers to cause a denial of service (application crash) via nested calls to the window.print function, as demonstrated by a window.print(window.print()) in the onclick attribute of an INPUT element.2009-03-045.0CVE-2009-0821
BID
MISC
back mysql -- mysql
 sql/item xmlfunc.cc in MySQL before 5.1.32 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure.2009-03-045.0CVE-2009-0819
CONFIRM
back nagios -- nagios
 Unspecified vulnerability in Nagios before 3.0.6 has unspecified impact and remote attack vectors related to CGI programs, "adaptive external commands," and "writing newlines and submitting service comments."2009-03-025.0CVE-2008-6373
CONFIRM
CONFIRM
back nexusjnr -- jbook
 JBook stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to userids.mdb.2009-03-025.0CVE-2008-6375
XF
MISC
back ocean12tech -- contact manager pro
 Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 Contact Manager Pro 1.02 allows remote attackers to inject arbitrary web script or HTML via the DisplayFormat parameter.2009-03-024.3CVE-2008-6370
XF
BID
MILW0RM
SECUNIA
OSVDB
back openbsd -- openbsd
 The aspath prepend function in rde attr.c in bgpd in OpenBSD 4.3 and 4.4 allows remote attackers to cause a denial of service (application crash) via an Autonomous System (AS) advertisement containing a long AS path.2009-03-045.0CVE-2009-0780
OPENBSD
OPENBSD
back opengoo -- opengoo
 Unspecified vulnerability in OpenGoo before 1.2.1 allows remote authenticated users to modify their own permissions via unknown attack vectors.2009-03-046.5CVE-2009-0806
BID
back php-fusion -- members cv module
 SQL injection vulnerability in members.php in the Members CV (job) module 1.0 for PHP-Fusion, when magic quotes gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the sortby parameter.2009-03-056.0CVE-2009-0831
BID
MILW0RM
SECUNIA
back phpf1 -- max's guestbook
 Cross-site scripting (XSS) vulnerability in index.php in Max's Guestbook allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, and (3) message parameters.2009-03-024.3CVE-2008-6359
XF
BID
BUGTRAQ
SECUNIA
OSVDB
back poppler -- poppler
 The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file with an invalid Form Opt entry.2009-03-035.0CVE-2009-0755
MLIST
MLIST
SECUNIA
MLIST
CONFIRM
back poppler -- poppler
 The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file that triggers a parsing error, which is not properly handled by JBIG2SymbolDict::~JBIG2SymbolDict and triggers an invalid memory dereference.2009-03-035.0CVE-2009-0756
MLIST
MLIST
SECUNIA
MLIST
CONFIRM
back qip -- qip
 QIP 2005 build 8082 allows remote attackers to cause a denial of service (CPU consumption and application hang) via a crafted Rich Text Format (RTF) ICQ message, as demonstrated by an {\rtf\pict\&&} message. NOTE: the vulnerability may be in Sergey Tkachenko TRichView. If so, then this should not be treated as a vulnerability in QIP.2009-03-064.3CVE-2009-0769
BID
BUGTRAQ
OSVDB
SECUNIA
back refbase -- refbase
 Cross-site scripting (XSS) vulnerability in refbase before 0.9.5 allows remote attackers to inject arbitrary web script or HTML via the headerMsg parameter to (1) show.php and (2) search.php. NOTE: some of these details are obtained from third party information.2009-03-054.3CVE-2008-6400
BID
back scriptsez -- ez php comment
 Cross-site scripting (XSS) vulnerability in ScriptsEz Ez PHP Comment allows remote attackers to inject arbitrary web script or HTML via the name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.2009-03-064.3CVE-2009-0762
BID
SECUNIA
OSVDB
back team5 -- team board
 Team Board 1.x and 2.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for data/team.mdb.2009-03-065.0CVE-2009-0760
OSVDB
MILW0RM
SECUNIA
MISC
back team5.team board -- 1.0
team5.team board -- 1.0.1
team5.team board -- 1.0.2
team5.team board -- 1.0.3
team5.team board -- 1.0.4
team5.team board -- 1.0.5
 Cross-site scripting (XSS) vulnerability in online.asp in Team Board 1.x allows remote attackers to inject arbitrary web script or HTML via the lookname parameter.2009-03-064.3CVE-2009-0761
BID
MILW0RM
back ticklespace -- answers module
 Cross-site scripting (XSS) vulnerability in the Answers module 5.x-1.x-dev and possibly other 5.x versions, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a Simple Answer to a question.2009-03-064.3CVE-2008-6413
VUPEN
BID
FULLDISC
CONFIRM
back typo3 -- typo3
 The jumpUrl mechanism in class.tslib fe.php in TYPO3 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 3.3.x through 3.8.x leaks a hash secret (juHash) in an error message, which allows remote attackers to read arbitrary files by including the hash in a request.2009-03-045.0CVE-2009-0815
DEBIAN
CONFIRM
back typo3 -- typo3
 Cross-site scripting (XSS) vulnerability in the backend user interface in TYPO3 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 3.3.x through 3.8.x allows remote attackers to inject arbitrary web script or HTML via multiple unspecified fields.2009-03-044.3CVE-2009-0816
CONFIRM
back ubuntu -- ubuntu linux
 The dbus request handler in (1) network-manager-applet and (2) NetworkManager in Ubuntu 6.06 LTS, 7.10, 8.04 LTS, and 8.10 does not properly verify privileges, which allows local users to discover (a) network connection passwords and (b) pre-shared keys via unspecified queries.2009-03-044.6CVE-2009-0365
BID
back ubuntu -- ubuntu linux
 network-manager-applet in Ubuntu 8.10 does not properly verify privileges for dbus (1) modify and (2) delete requests, which allows local users to change or remove the network connections of arbitrary users via unspecified vectors.2009-03-046.2CVE-2009-0578
UBUNTU
BID
back w3matter -- revsense
 Cross-site scripting (XSS) vulnerability in index.php in W3matter RevSense 1.0 allows remote attackers to inject arbitrary web script or HTML via the section parameter.2009-03-024.3CVE-2008-6385
SECUNIA
MISC
back yaws -- yaws
 Yaws before 1.80 allows remote attackers to cause a denial of service (memory consumption and crash) via a request with a large number of headers.2009-03-025.0CVE-2009-0751
CONFIRM
BID
MLIST
MILW0RM
SECUNIA
back znc -- znc
 Multiple CRLF injection vulnerabilities in webadmin in ZNC before 0.066 allow remote authenticated users to modify the znc.conf configuration file and gain privileges via CRLF sequences in the quit message and other vectors.2009-03-036.5CVE-2009-0759
CONFIRM
CONFIRM
CONFIRM
MLIST
Low Vulnerabilities
Primary
Vendor -- Product		DescriptionPublished CVSS ScoreSource & Patch Info
back 3ds -- enovia smarteam
ibm -- catia
 The Web Editor in Dassault Systemes ENOVIA SmarTeam V5 before Release 18 Service Pack 8, and possibly CATIA and other products, allows remote authenticated users to read the profile card of an object in the document class via a link that is sent from the owner of the document object.2009-03-043.5CVE-2009-0809
VUPEN
BID
AIXAPAR
SECUNIA
back alcovebook -- sgml2x
 rlatex in AlcoveBook sgml2x 1.0.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.2009-03-043.6CVE-2008-6397
XF
BID
MLIST
CONFIRM
back cisco -- unified meetingplace
 Cross-site scripting (XSS) vulnerability in the edit account page in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote authenticated users to inject arbitrary web script or HTML via the E-mail Address field.2009-02-273.5CVE-2009-0743
CISCO
back drupal -- protected node module
 Cross-site scripting (XSS) vulnerability in the Protected Node module 5.x before 5.x-1.4 and 6.x before 6.x-1.5, a module for Drupal, allows remote authenticated users with "administer site configuration" permissions to inject arbitrary web script or HTML via the Password page info field, which is not properly handled by the protected node enterpassword function in protected node.module.2009-03-043.5CVE-2009-0817
VUPEN
CONFIRM
CONFIRM
back drupal -- taxonomy theme module
 Cross-site scripting (XSS) vulnerability in the taxonomy theme admin table builder function (taxonomy theme admin.inc) in Taxonomy Theme module before 5.x-1.2, a module for Drupal, allows remote authenticated users with the "administer taxonomy" permission, or the ability to create pages when tagging is enabled, to inject arbitrary web script or HTML via the Vocabulary name (name parameter) to index.php. NOTE: some of these details are obtained from third party information.2009-03-043.5CVE-2009-0818
BID
CONFIRM
back opensc-project -- opensc
 OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program.2009-03-022.1CVE-2009-0368
BID
MLIST
back php -- php
 PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.2009-03-032.1CVE-2009-0754
MLIST
MLIST
MLIST
CONFIRM

back Relevant Products

  • 2000
  • 98
  • Internet
  • Mac
  • Mac OS X
  • Macos
  • Microsoft
  • OS X
  • OSx
  • PuTTY
  • Safari
  • Windows
  • Windows Media
  • XP
  • acrobat
  • adobe
  • anti-virus
  • antivirus
  • apple
  • browser
  • browsers
  • cumulative
  • eudora
  • excel
  • exchange
  • firefox
  • gecko
  • iis
  • internet information server
  • java
  • mozilla
  • netscape
  • novell
  • office
  • osx
  • outlook
  • player
  • powerpoint
  • qualcomm
  • realnetworks
  • realplayer
  • samba
  • symantec
  • thunderbird
  • trend
  • veritas
  • word
  • zone
  • zonealarm