Contents
Cal Poly Pomona

Latest Unix and Other Bulletins

UNIX and Other

Report date: March 26, 2009  Date posted: March 26, 2009

This report combines relevant bulletins from SANS, Secunia and CERT. The wording is original with some "back" links added where needed. The CERT index lists vulnerabilities with and without solutions. Click the link for specific information.

At a very minimum, look at the SANS bulletins as they include the top issues on a weekly basis. Next, review Secunia for a more complete listing with well structured bulletins avaiable as external links. Finally, the CERT section contains very detailed information and many newly discovered vulnerabilities and updates on existing issues.

Tip: highlight any link below to reveal the criticality or priority.

SANS Bulletin - Vol 8 Num 11

None relevant

Secunia Bulletin - 2009-11

CERT Bulletin - SB09-075

Note:there may be multiple issues for each product link. Scroll down after clicking the link.

BULLETIN DETAIL

CERT Bulletin

Vulnerability Summary for the Week of March 9, 2009

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities
Primary
Vendor -- Product		DescriptionPublished CVSS ScoreSource & Patch Info
back 6rbscript -- 6rbscript
 SQL injection vulnerability in section.php in 6rbScript 3.3 allows remote attackers to execute arbitrary SQL commands via the singerid parameter in a singers action.2009-03-137.5CVE-2008-6454
BID
MILW0RM
back akirapowered -- image gallery
 SQL injection vulnerability in image gallery.php in the Akira Powered Image Gallery (image gallery) plugin for e107 allows remote attackers to execute arbitrary SQL commands via the image parameter in an image-detail action.2009-03-137.5CVE-2008-6466
BID
MILW0RM
back apple -- itunes
 Apple iTunes before 8.1 does not properly inform the user about the origin of an authentication request, which makes it easier for remote podcast servers to trick a user into providing a username and password when subscribing to a crafted podcast.2009-03-147.1CVE-2009-0143
CONFIRM
APPLE
back baidu -- baidu hi
 Stack-based buffer overflow in CSTransfer.dll in Baidu Hi IM might allow remote attackers to execute arbitrary code via a crafted packet, probably related to an improper length value.2009-03-099.3CVE-2008-6444
XF
BID
BUGTRAQ
back blueriver -- sava cms
 SQL injection vulnerability in index.cfm in Blue River Interactive Group Sava CMS before 5.0.122 allows remote attackers to execute arbitrary SQL commands via the LinkServID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.2009-03-067.5CVE-2008-6434
BID
SECUNIA
back cisco -- unified communications manager
 The IP Phone Personal Address Book (PAB) Synchronizer feature in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.1, 4.2 before 4.2(3)SR4b, 4.3 before 4.3(2)SR1b, 5.x before 5.1(3e), 6.x before 6.1(3), and 7.0 before 7.0(2) sends privileged directory-service account credentials to the client in cleartext, which allows remote attackers to modify the CUCM configuration and perform other privileged actions by intercepting these credentials, and then using them in requests unrelated to the intended synchronization task, as demonstrated by (1) DC Directory account credentials in CUCM 4.x and (2) TabSyncSysUser account credentials in CUCM 5.x through 7.x.2009-03-129.0CVE-2009-0632
VUPEN
CISCO
back dieselscripts -- diesel job site
 SQL injection vulnerability in jobs/jobseekers/job-info.php in Diesel Job Site allows remote attackers to execute arbitrary SQL commands via the job id parameter.2009-03-137.5CVE-2008-6467
BID
MILW0RM
back dieselscripts -- diesel pay
 SQL injection vulnerability in index.php in Diesel Pay allows remote attackers to execute arbitrary SQL commands via the area parameter in a browse action.2009-03-137.5CVE-2008-6468
BID
MILW0RM
back dieter mayer -- fe address edit
 SQL injection vulnerability in the FE address edit for tt address & direct mail (dmaddredit) extension 0.4.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.2009-03-137.5CVE-2008-6458
XF
BID
CONFIRM
back e107coders -- macguru blog engine plugin
 SQL injection vulnerability in macgurublog menu/macgurublog.php in the MacGuru BLOG Engine plugin 2.2 for e107 allows remote attackers to execute arbitrary SQL commands via the uid parameter, a different vector than CVE-2008-2455.2009-03-067.5CVE-2008-6438
BID
MILW0RM
back epicgames -- unreal engine
 Format string vulnerability in the Epic Games Unreal engine client, as used in multiple games, allows remote servers to execute arbitrary code via (1) the CLASS parameter in a DLMGR command, (2) a malformed package (PKG), and possibly (3) the LEVEL parameter in a WELCOME command.2009-03-099.3CVE-2008-6441
XF
BID
BUGTRAQ
OSVDB
OSVDB
SECUNIA
FULLDISC
MISC
back foxit -- reader3.0
 Stack-based buffer overflow in Foxit Reader 3.0 before Build 1506, including 1120 and 1301, allows remote attackers to execute arbitrary code via a long (1) relative path or (2) absolute path in the filename argument in an action, as demonstrated by the "Open/Execute a file" action.2009-03-1010.0CVE-2009-0837
XF
VUPEN
BID
CONFIRM
MISC
SECUNIA
back foxitsoftware -- foxit reader
 Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 3.0.2009.1301, does not properly handle a JBIG2 symbol dictionary segment with zero new symbols, which allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a dereference of an uninitialized memory location.2009-03-109.3CVE-2009-0191
VUPEN
CONFIRM
back fr.simon rundell -- ste prayer2
 SQL injection vulnerability in the Random Prayer 2 (ste prayer2) extension before 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.2009-03-137.5CVE-2008-6461
CONFIRM
back fr.simon rundell -- pd churchsearch
 SQL injection vulnerability in the Diocese of Portsmouth Church Search (pd churchsearch) extension before 0.1.1, and 0.2.10 and earlier 0.2.x versions, an extension for TYPO3, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.2009-03-137.5CVE-2008-6463
BID
CONFIRM
back geniuscyber -- maxsite
 Static code injection vulnerability in the Guestbook component in CMS MAXSITE allows remote attackers to inject arbitrary PHP code into the guestbook via the message parameter.2009-03-097.5CVE-2008-6446
XF
BID
MILW0RM
back geovision -- livex activex control
 Directory traversal vulnerability in the SnapShotToFile method in the GeoVision LiveX (aka LiveX v8200) ActiveX control 8.1.2 and 8.2.0 in LIVEX ~1.OCX allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument, possibly involving the PlayX and SnapShotX methods.2009-03-108.8CVE-2009-0865
XF
BID
SECUNIA
MILW0RM
back hp -- wmi mapper
 Unspecified vulnerability in WMI Mapper for HP Systems Insight Manager before 2.5.2.0 allows local users to gain privileges via unknown vectors.2009-03-117.2CVE-2009-0712
HP
back ibm -- tivoli storage manager hsm
 Buffer overflow in the client in IBM Tivoli Storage Manager (TSM) HSM 5.3.2.0 through 5.3.5.0, 5.4.0.0 through 5.4.2.5, and 5.5.0.0 through 5.5.1.4 on Windows allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors.2009-03-1010.0CVE-2009-0869
BID
CONFIRM
back ibm -- tivoli storage manager
ibm -- tivoli storage manager express
 Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the daemon (dsmsvc.exe) in IBM Tivoli Storage Manager (TSM) Express 5.4.0.0 through 5.4.4.0, 5.3 including 5.3.7.3, and 5.2 allows remote attackers to execute arbitrary code via a crafted length value.2009-03-1110.0CVE-2008-4563
CONFIRM
back josema enzo -- isiajax
 SQL injection vulnerability in ejemplo/paises.php in isiAJAX 1 allows remote attackers to execute arbitrary SQL commands via the id parameter.2009-03-127.5CVE-2009-0881
XF
MILW0RM
back jportal -- jportal
 SQL injection vulnerability in humor.php in jPORTAL 2 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might overlap CVE-2004-2036 or CVE-2005-3509.2009-03-137.5CVE-2008-6451
BID
MILW0RM
back kernel -- linux
 The icmp send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable message, which allows remote attackers to cause a denial of service (connectivity outage) by sending a large series of packets to many destination IP addresses within this REJECT route, related to an "rt cache leak."2009-03-127.1CVE-2009-0778
CONFIRM
XF
BID
CONFIRM
MLIST
CONFIRM
back kurt gusbeth -- myquizpoll
 SQL injection vulnerability in the My quiz and poll (myquizpoll) extension before 0.1.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.2009-03-137.5CVE-2008-6462
CONFIRM
back martin helmich -- hbook
 SQL injection vulnerability in the HBook (h book) extension 2.3.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.2009-03-137.5CVE-2008-6456
XF
BID
CONFIRM
back matteoiammarrone -- s-cms
 SQL injection vulnerability in admin/delete page.php in S-Cms 1.1 Stable allows remote attackers to execute arbitrary SQL commands via the id parameter.2009-03-107.5CVE-2009-0863
XF
BID
MILW0RM
back matteoiammarrone -- s-cms
 S-Cms 1.1 Stable allows remote attackers to bypass authentication and obtain administrative access via an OK value for the login cookie.2009-03-107.5CVE-2009-0864
XF
BID
MILW0RM
back mediacommands -- media commands
 Multiple heap-based buffer overflows in Media Commands 1.0 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in a (1) M3U, (2) M3l, (3) TXT, and (4) LRC playlist file.2009-03-129.3CVE-2009-0885
XF
VUPEN
MILW0RM
SECUNIA
OSVDB
back mevin -- basic-php-events-lister
 SQL injection vulnerability in event.php in Mevin Productions Basic PHP Events Lister 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.2009-03-137.5CVE-2008-6464
BID
back microsoft -- windows 2000
microsoft -- windows server 2003
microsoft -- windows server 2008
microsoft -- windows vista
microsoft -- windows xp
 The graphics device interface (GDI) implementation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate input received from user mode, which allows remote attackers to execute arbitrary code via a crafted (1) Windows Metafile (aka WMF) or (2) Enhanced Metafile (aka EMF) image file, aka "Windows Kernel Input Validation Vulnerability."2009-03-109.3CVE-2009-0081
MS
back microsoft -- windows 2000
microsoft -- windows server 2003
microsoft -- windows server 2008
microsoft -- windows vista
microsoft -- windows xp
 The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges via a crafted application that triggers unspecified "actions," aka "Windows Kernel Handle Validation Vulnerability."2009-03-107.2CVE-2009-0082
MS
back microsoft -- windows 2000
microsoft -- windows server 2003
microsoft -- windows server 2008
microsoft -- windows vista
microsoft -- windows xp
 The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 does not properly handle invalid pointers, which allows local users to gain privileges via an application that triggers use of a crafted pointer, aka "Windows Kernel Invalid Pointer Vulnerability."2009-03-107.2CVE-2009-0083
MS
back microsoft -- windows 2000
microsoft -- windows server 2003
microsoft -- windows server 2008
microsoft -- windows vista
microsoft -- windows xp
 The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication is used, does not properly validate the client's key exchange data in Transport Layer Security (TLS) handshake messages, which allows remote attackers to spoof authentication by crafting a TLS packet based on knowledge of the certificate but not the private key, aka "SChannel Spoofing Vulnerability."2009-03-107.1CVE-2009-0085
MS
back mirko werner -- mw random objects
 SQL injection vulnerability in the Simple Random Objects (mw random objects) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.2009-03-137.5CVE-2008-6460
XF
BID
CONFIRM
back mountaingrafix -- easylink
 SQL injection vulnerability in detail.php in MountainGrafix easyLink 1.1.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter in a show action.2009-03-137.5CVE-2008-6471
MILW0RM
SECUNIA
back muskatli -- sofi webgui
 PHP remote file inclusion vulnerability in hu/modules/reg-new/modstart.php in Sofi WebGui 0.6.3 PRE and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mod dir parameter.2009-03-067.5CVE-2008-6402
XF
BID
MILW0RM
back novastor -- novanet
 Stack-based buffer overflow in the DtbClsLogin function in NovaStor NovaNET 12 allows remote attackers to (1) execute arbitrary code on Linux platforms via a long username field during backup domain authentication, related to libnnlindtb.so; or (2) cause a denial of service (daemon crash) on Windows platforms via a long username field during backup domain authentication, related to nnwindtb.dll. NOTE: some of these details are obtained from third party information.2009-03-0910.0CVE-2009-0849
XF
BID
MISC
SECUNIA
OSVDB
OSVDB
back oceandir -- oceandir
 SQL injection vulnerability in show vote.php in Oceandir 2.9 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.2009-03-137.5CVE-2008-6452
BID
MILW0RM
back openttd -- openttd
 Buffer overflow in the server in OpenTTD 0.6.1 and earlier allows remote authenticated users to cause a denial of service (persistent game disruption) or possibly execute arbitrary code via vectors involving many long names for "companies and clients."2009-03-109.0CVE-2008-3547
GENTOO
SECUNIA
MLIST
MLIST
MLIST
MLIST
CONFIRM
CONFIRM
back phpkf -- phpkf
 SQL injection vulnerability in forum duzen.php in phpKF allows remote attackers to execute arbitrary SQL commands via the fno parameter.2009-03-097.5CVE-2008-6443
XF
MISC
BID
back plaincart -- plaincart
 SQL injection vulnerability in index.php in PlainCart 1.1.2 allows remote attackers to execute arbitrary SQL commands via the p parameter.2009-03-137.5CVE-2008-6469
BID
MILW0RM
back roman bogorodskiy -- nforum
 Multiple SQL injection vulnerabilities in nForum 1.5 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to showtheme.php and the (2) user parameter to userinfo.php.2009-03-127.5CVE-2009-0882
BID
BUGTRAQ
back torben sorensen -- tinx/cms
 SQL injection vulnerability in system/rss.php in TinX/cms 3.x before 3.5.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.2009-03-097.5CVE-2009-0825
BID
CONFIRM
back typo3 -- autobeuser
 SQL injection vulnerability in the auto BE User Registration (autobeuser) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.2009-03-137.5CVE-2008-6459
XF
BID
CONFIRM
back walnutstreet -- cgswigmore
 SQL injection vulnerability in the Swigmore institute (cgswigmore) extension before 0.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.2009-03-137.5CVE-2008-6457
CONFIRM
back yourplace -- yourplace
 Unspecified vulnerability in YourPlace before 1.0.1 has unknown impact and attack vectors, possibly related to improper authenticated and the ability to upload arbitrary PHP code. NOTE: some of these details are obtained from third party information.2009-03-097.5CVE-2008-6445
CONFIRM
Medium Vulnerabilities
Primary
Vendor -- Product		DescriptionPublished CVSS ScoreSource & Patch Info
back 6rbscript -- 6rbscript
 Directory traversal vulnerability in section.php in 6rbScript 3.3, when magic quotes gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter.2009-03-134.3CVE-2008-6453
MILW0RM
back amunak -- blue eye cms
 SQL injection vulnerability in Blue Eye CMS 1.0.0 and earlier, when magic quotes gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the BlueEyeCMS login cookie parameter.2009-03-126.8CVE-2009-0883
XF
BID
MILW0RM
back apache -- tomcat
 Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."2009-03-094.3CVE-2009-0781
BUGTRAQ
CONFIRM
CONFIRM
CONFIRM
back apple -- itunes
 Apple iTunes before 8.1 on Windows allows remote attackers to cause a denial of service (infinite loop) via a Digital Audio Access Protocol (DAAP) message with a crafted Content-Length header.2009-03-145.0CVE-2009-0016
CONFIRM
APPLE
back bitdefender -- internet security
 Cross-site scripting (XSS) vulnerability in BitDefender Internet Security 2009 allows user-assisted remote attackers to inject arbitrary web script or HTML via the filename of a virus-infected file, as demonstrated by a filename inside a (1) rar or (2) zip archive file.2009-03-094.3CVE-2009-0850
VUPEN
BUGTRAQ
BUGTRAQ
SECUNIA
back centurysys -- xr-1100
centurysys -- xr-410
centurysys -- xr-410-l2
centurysys -- xr-440
centurysys -- xr-510
centurysys -- xr-540
centurysys -- xr-640
centurysys -- xr-640-l2
centurysys -- xr-730
 Cross-site request forgery (CSRF) vulnerability in multiple Century Systems routers including XR-410 before 1.6.9, XR-510 before 3.5.3, XR-440 before 1.7.8, and other XR series routers from XR-510 to XR-730 allows remote attackers to modify configuration as the administrator via unknown vectors.2009-03-094.0CVE-2008-6449
CONFIRM
JVNDB
JVN
back cerberus -- cerberus helpdesk
webgroupmedia -- cerberus helpdesk
 Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to obtain sensitive information via direct requests for "controllers ... that aren't standard helpdesk pages," possibly involving the (1) /display and (2) /kb URIs.2009-03-065.0CVE-2008-6440
BID
CONFIRM
SECUNIA
back clansphere -- clansphere
 Multiple unspecified vulnerabilities in ClanSphere before 2008.2.1 allow remote attackers to obtain sensitive information, and possibly have unknown other impact, via vectors related to "javascript insert" and the (1) mods/messages/getusers.php and (2) mods/abcode/listimg.php files. NOTE: some of these details are obtained from third party information.2009-03-135.0CVE-2008-6470
CONFIRM
back d.j.bernstein -- djbdns
 The response addname function in response.c in Daniel J. Bernstein djbdns 1.05 and earlier does not constrain offsets in the required manner, which allows remote attackers, with control over a third-party subdomain served by tinydns and axfrdns, to trigger DNS responses containing arbitrary records via crafted zone data for this subdomain.2009-03-095.8CVE-2009-0858
MISC
back dash -- dash
 Untrusted search path vulnerability in dash 0.5.4, when used as a login shell, allows local users to execute arbitrary code via a Trojan horse .profile file in the current working directory.2009-03-116.9CVE-2009-0854
UBUNTU
back denorastats -- phpdenora
 Cross-site scripting (XSS) vulnerability in phpDenora before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via an IRC channel name. NOTE: some of these details are obtained from third party information.2009-03-104.3CVE-2009-0861
BID
CONFIRM
back edikon -- phpshop
 Session fixation vulnerability in Edikon phpShop 0.8.1 allows remote attackers to hijack web sessions via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.2009-03-136.8CVE-2008-6455
XF
BID
SECUNIA
back filezilla -- filezilla server
 Buffer overflow in FileZilla Server before 0.9.31 allows remote attackers to cause a denial of service via unspecified vectors related to SSL/TLS packets.2009-03-125.0CVE-2009-0884
VUPEN
CONFIRM
back foxit -- reader
foxit -- reader3.0
 Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 1120 and 1301, does not require user confirmation before performing dangerous actions defined in a PDF file, which allows remote attackers to execute arbitrary programs and have unspecified other impact via a crafted file, as demonstrated by the "Open/Execute a file" action.2009-03-106.8CVE-2009-0836
CONFIRM
back fujitsu -- enhanced support facility
 The HRM-S service in Fujitsu Enhanced Support Facility 3.0 and 3.0.1 allows remote attackers to obtain (1) hardware and (2) software information via unspecified requests in a client connection.2009-03-105.0CVE-2009-0867
XF
BID
CONFIRM
SECUNIA
back fujitsu -- jasmine2000
 CRLF injection vulnerability in the WebLink template in Fujitsu Jasmine2000 Enterprise Edition allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.2009-03-106.8CVE-2009-0868
XF
BID
CONFIRM
SECUNIA
back gnome -- glib
 Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers to execute arbitrary code via a long string that is converted either (1) from or (2) to a base64 representation.2009-03-144.6CVE-2008-4316
BID
CONFIRM
MLIST
MISC
back gnome -- evolution-data-server
 The ntlm challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount of data in a challenge packet, which allows remote mail servers to read information from the process memory of a client, or cause a denial of service (client crash), via an NTLM authentication type 2 packet with a length value that exceeds the amount of packet data.2009-03-145.8CVE-2009-0582
CONFIRM
XF
BID
SECTRACK
SECUNIA
MLIST
back gnome -- evolution-data-server
 Multiple integer overflows in Evolution Data Server (aka evolution-data-server) before 2.24.5 allow context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation in (1) addressbook/libebook/e-vcard.c in evc or (2) camel/camel-mime-utils.c in libcamel.2009-03-144.6CVE-2009-0587
BID
MLIST
MISC
MISC
back gstreamer -- gst-plugins-base
 Integer overflow in gst-libs/gst/tag/gstvorbistag.c in vorbistag in gst-plugins-base (aka gstreamer-plugins-base) before 0.10.23 in GStreamer allows context-dependent attackers to execute arbitrary code via a long string that is converted from a base64 representation.2009-03-144.6CVE-2009-0586
BID
MLIST
MISC
back hp -- systems insight manager
 Unspecified vulnerability in WMI Mapper for HP Systems Insight Manager before 2.5.2.0 allows remote attackers to obtain sensitive information via unknown vectors.2009-03-115.0CVE-2009-0713
HP
HP
back ibm -- websphere application server
 Cross-site scripting (XSS) vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 on z/OS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2009-03-094.3CVE-2009-0855
VUPEN
BID
AIXAPAR
AIXAPAR
SECUNIA
back ibm -- websphere application server
 Multiple cross-site scripting (XSS) vulnerabilities in sample applications in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 on z/OS allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.2009-03-094.3CVE-2009-0856
AIXAPAR
back ibm -- director
 The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI.2009-03-125.0CVE-2009-0879
MISC
VUPEN
back ibm -- director
 Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a .. (dot dot) in a /CIMListener/ URI in an M-POST request.2009-03-126.8CVE-2009-0880
MISC
VUPEN
back joe shaw -- libsoup
 Integer overflow in the soup base64 encode function in soup-misc.c in libsoup 2.x.x before 2.2.x, and 2.x before 2.24, allows context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation.2009-03-144.6CVE-2009-0585
BID
MLIST
MISC
back kernel -- linux
 The shm get stat function in ipc/shm.c in the shm subsystem in the Linux kernel before 2.6.28.5, when CONFIG SHMEM is disabled, misinterprets the data type of an inode, which allows local users to cause a denial of service (system hang) via an SHM INFO shmctl call, as demonstrated by running the ipcs program.2009-03-094.7CVE-2009-0859
BID
CONFIRM
MLIST
MLIST
MLIST
MLIST
CONFIRM
CONFIRM
back kernel -- linux-pam
 Integer signedness error in the pam StrTok function in libpam/pam misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a configuration file contains non-ASCII usernames, might allow remote attackers to cause a denial of service, and might allow remote authenticated users to obtain login access with a different user's non-ASCII username, via a login attempt.2009-03-126.6CVE-2009-0887
BID
CONFIRM
back lukas waldauf -- phpfreeforum
 Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeForum 1.0 RC2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) message parameter to error.php, and the (2) nickname and (3) randomid parameters to part/menu.php.2009-03-064.3CVE-2008-6437
XF
BID
BUGTRAQ
SECUNIA
back mahara -- mahara
 Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.10 and 1.1 before 1.1.2 allow remote attackers to inject arbitrary web script or HTML via a (1) profile and (2) blog, a different vulnerability than CVE-2009-0487.2009-03-114.3CVE-2009-0660
BID
back microsoft -- interix
openbsd -- openbsd
 Integer overflow in the fts build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service (application crash) via a deep directory tree, related to the fts level structure member, as demonstrated by (a) du, (b) rm, (c) chmod, and (d) chgrp on OpenBSD; and (e) SearchIndexer.exe on Vista Enterprise.2009-03-094.9CVE-2009-0537
BID
BUGTRAQ
CONFIRM
CONFIRM
MILW0RM
SREASONRES
back microsoft -- windows 2000
microsoft -- windows server 2003
microsoft -- windows server 2008
 The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the (1) "wpad" and (2) "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) features, and conduct man-in-the-middle attacks by spoofing a proxy server or ISATAP route, by registering one of these names in the WINS database, aka "WPAD WINS Server Registration Vulnerability," a related issue to CVE-2007-1692.2009-03-114.0CVE-2009-0094
MS
back microsoft -- windows 2000
microsoft -- windows server 2003
microsoft -- windows server 2008
 The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which makes it easier for remote attackers to predict transaction IDs and poison caches by simultaneously sending crafted DNS queries and responses, aka "DNS Server Query Validation Vulnerability."2009-03-115.8CVE-2009-0233
MS
back microsoft -- windows 2000
microsoft -- windows server 2003
microsoft -- windows server 2008
 The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transaction IDs and poison caches by sending many crafted DNS queries that trigger "unnecessary lookups," aka "DNS Server Response Validation Vulnerability."2009-03-116.4CVE-2009-0234
MS
back netcordia -- netmri
 Cross-site scripting (XSS) vulnerability in the web user interface in the login application in NetMRI 3.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to error pages.2009-03-104.3CVE-2009-0860
BID
BUGTRAQ
SECUNIA
CONFIRM
back oneorzero -- oneorzero helpdesk
 Directory traversal vulnerability in login.php in OneOrZero Helpdesk 1.6.5.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the default language parameter.2009-03-125.0CVE-2009-0886
XF
BID
MILW0RM
MILW0RM
back opensuse -- opensuse
 Untrusted search path vulnerability in GTK2 in OpenSUSE 11.0 and 11.1 allows local users to execute arbitrary code via a Trojan horse GTK module in an unspecified "relative search path."2009-03-114.4CVE-2009-0848
SUSE
back parallels -- h-sphere
 Multiple cross-site scripting (XSS) vulnerabilities in login.php in webshell4 in Parallels H-Sphere 3.0.0 P9 and 3.1 P1 allow remote attackers to inject arbitrary web script or HTML via the (1) err, (2) errorcode, and (3) login parameters.2009-03-134.3CVE-2008-6465
XF
XF
MISC
BID
SECUNIA
back phnews -- phnews
 pHNews Alpha 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for extra/genbackup.php.2009-03-105.0CVE-2009-0866
XF
MILW0RM
back quiksoft -- easymail mailstore
 Buffer overflow in emmailstore.dll 6.5.0.3 in the QuikSoft EasyMail MailStore ActiveX control allows remote attackers to execute arbitrary code via a long first argument to the CreateStore method.2009-03-096.8CVE-2008-6447
XF
BID
MILW0RM
back redhat -- jboss enterprise application platform
 The request handler in JBossWS in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remote attackers to read arbitrary XML files via a crafted request.2009-03-095.0CVE-2009-0027
REDHAT
REDHAT
REDHAT
back sina -- dloader
 Insecure method vulnerability in Sina Inc. DLoader Class ActiveX Control allows remote attackers to overwrite arbitrary files via a URL in the first parameter to the DonwloadAndInstall method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.2009-03-095.8CVE-2008-6442
XF
BID
MISC
back skyarc -- mtcms wysiwyg editor
 Cross-site scripting (XSS) vulnerability in install.cgi in SKYARC System MTCMS WYSIWYG Editor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2009-03-094.3CVE-2008-6448
CONFIRM
JVNDB
JVN
back stewart howe -- celerbb
 Multiple SQL injection vulnerabilities in CelerBB 0.0.2, when magic quotes gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewforum.php and (2) viewtopic.php.2009-03-096.8CVE-2009-0851
BID
BUGTRAQ
MILW0RM
back stewart howe -- celerbb
 showme.php in CelerBB 0.0.2 allows remote attackers to obtain "reserved information" via the user parameter.2009-03-095.0CVE-2009-0852
BID
BUGTRAQ
MILW0RM
back stewart howe -- celerbb
 login.php in CelerBB 0.0.2, when magic quotes gpc is disabled, allows remote attackers to bypass authentication and obtain administrative access via special characters in the Username parameter, as demonstrated by an admin'# parameter value.2009-03-096.8CVE-2009-0853
BID
BUGTRAQ
MILW0RM
back sun -- opensolaris
sun -- solaris
 The crypto pseudo device driver in Sun Solaris 10, and OpenSolaris snv 88 through snv 102, does not properly free memory, which allows local users to cause a denial of service (panic) via unspecified vectors, related to the vmem hash delete function.2009-03-064.9CVE-2009-0838
SUNALERT
CONFIRM
back sun -- management center
 Cross-site scripting (XSS) vulnerability in /prm/reports in the Performance Reporting Module (PRM) for Sun Management Center (SunMC) 3.6.1 and 4.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: this can be leveraged for access to the SunMC Web Console.2009-03-094.3CVE-2009-0857
BID
SUNALERT
CONFIRM
back sun -- opensolaris
sun -- solaris
 The NFSv4 Server module in the kernel in Sun Solaris 10, and OpenSolaris before snv 111, allow local users to cause a denial of service (infinite loop and system hang) by accessing an hsfs filesystem that is shared through NFSv4, related to the rfs4 op readdir function.2009-03-104.9CVE-2009-0870
BID
SUNALERT
CONFIRM
back sun -- opensolaris
sun -- solaris
 The NFS server in Sun Solaris 10, and OpenSolaris before snv 111, does not properly implement the AUTH NONE (aka sec=none) security mode in combination with other security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the AUTH NONE and AUTH SYS security modes.2009-03-116.8CVE-2009-0872
SUNALERT
CONFIRM
back sun -- opensolaris
sun -- solaris
 The NFS daemon (aka nfsd) in Sun Solaris 10 and OpenSolaris before snv 106, when NFSv3 is used, does not properly implement combinations of security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the sec=sys and sec=krb5 security modes, related to modes that "override each other."2009-03-116.8CVE-2009-0873
SUNALERT
CONFIRM
back sun -- opensolaris
sun -- solaris
 Multiple unspecified vulnerabilities in the Doors subsystem in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv 94, allow local users to cause a denial of service (process hang), or possibly bypass file permissions or gain kernel-context privileges, via vectors including ones related to (1) an argument handling deadlock in a door server and (2) watchpoint problems in the door call function.2009-03-124.9CVE-2009-0874
SUNALERT
CONFIRM
back sun -- opensolaris
sun -- solaris
 Race condition in the Doors subsystem in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv 94, allows local users to cause a denial of service (process hang), or possibly bypass file permissions or gain kernel-context privileges, via vectors involving the time at which control is transferred from a caller to a door server.2009-03-126.9CVE-2009-0875
SUNALERT
CONFIRM
back sun -- xvm virtualbox
 Unspecified vulnerability in Sun xVM VirtualBox 2.0.0, 2.0.2, 2.0.4, 2.0.6r39760, 2.1.0, 2.1.2, and 2.1.4r42893 on Linux allows local users to gain privileges via unknown vectors related to "certain packages."2009-03-126.9CVE-2009-0876
SUNALERT
back sun -- java system communications express
 Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express allow remote attackers to inject arbitrary web script or HTML via the (1) Full Name or (2) Subject field.2009-03-124.3CVE-2009-0877
BID
BUGTRAQ
MISC
back tangocms -- tangocms
 Cross-site scripting (XSS) vulnerability in the hook cntrlr error output function in modules/page/hooks/listeners.php in the admincp component in TangoCMS 2.2.x (aka Eagle) before 2.2.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information.2009-03-104.3CVE-2009-0862
CONFIRM
CONFIRM
back under construction baby -- pc2m
 Cross-site scripting (XSS) vulnerability in Under Construction, Baby (UCB) PC2M 0.9.22.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors.2009-03-094.3CVE-2008-6450
CONFIRM
JVNDB
JVN
back wesnoth -- wesnoth
 The uncompress buffer function in src/server/simple wml.cpp in Wesnoth before r33069 allows remote attackers to cause a denial of service via a large compressed WML document.2009-03-124.3CVE-2009-0366
CONFIRM
BID
DEBIAN
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
back wesnoth -- wesnoth
 The read game map function in src/terrain translation.cpp in Wesnoth before r32987 allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a map with a large (1) width or (2) height.2009-03-125.0CVE-2009-0878
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
back wireshark -- wireshark
 The WLCCP dissector in Wireshark 0.99.7 through 1.0.4 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors.2009-03-144.3CVE-2008-6472
CONFIRM
back xerox -- workcentre
 Cross-site scripting (XSS) vulnerability in the Web Server in Xerox WorkCentre 7132, 7228, 7235, and 7245 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2009-03-064.3CVE-2008-6436
CONFIRM
VUPEN
Low Vulnerabilities
Primary
Vendor -- Product		DescriptionPublished CVSS ScoreSource & Patch Info
back digium -- asterisk
 The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and 1.4.23.1; 1.6.0 before 1.6.0.6; 1.6.1 before 1.6.1.0-rc2; and Asterisk Business Edition C.2.3, with the pedantic option enabled, allows remote authenticated users to cause a denial of service (crash) via a SIP INVITE request without any headers, which triggers a NULL pointer dereference in the (1) sip uri headers cmp and (2) sip uri params cmp functions.2009-03-113.5CVE-2009-0871
BID
CONFIRM
back microsoft -- windows 2000
microsoft -- windows server 2003
microsoft -- windows server 2008
 Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) feature, and conduct man-in-the-middle attacks by spoofing a proxy server, via a Dynamic Update request for this hostname, aka "DNS Server Vulnerability in WPAD Registration Vulnerability," a related issue to CVE-2007-1692.2009-03-113.5CVE-2009-0093
MS
back slysoft -- anydvd
slysoft -- clonecd
slysoft -- clonedvd
slysoft -- virtualclonedrive
 Elaborate Bytes ElbyCDIO.sys 6.0.2.0 and earlier, as distributed in SlySoft AnyDVD before 6.5.2.6, Virtual CloneDrive 5.4.2.3 and earlier, CloneDVD 2.9.2.0 and earlier, and CloneCD 5.3.1.3 and earlier, uses the METHOD NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to cause a denial of service (system crash) via a crafted IOCTL call.2009-03-142.1CVE-2009-0824
BID
BUGTRAQ
MISC

back Relevant Products

  • Ethereal
  • PCRE
  • Sun
  • activesync
  • aol
  • apache
  • bea
  • blackboard
  • cisco
  • citrix
  • comodo
  • epolicy
  • fedora
  • gentoo
  • gnu
  • gzip
  • jakarta
  • linux
  • metaframe
  • mysql
  • nagios
  • novell
  • openoffice
  • openoffice.org
  • openoffice.org/staroffice
  • openssh
  • openssl
  • oracle
  • palm
  • palmos
  • peoplesoft
  • perl
  • php
  • postfix
  • red hat
  • samba
  • solaris
  • sql
  • ssh
  • tomcat
  • vim
  • vmware
  • webct
  • windows ce
  • windowsce