Cal Poly Pomona

Latest Unix and Other Bulletins

UNIX and Other

Report date: April 13, 2009  Date posted: April 13, 2009

This report combines relevant bulletins from SANS, Secunia and CERT. The wording is original with some "back" links added where needed. The CERT index lists vulnerabilities with and without solutions. Click the link for specific information.

At a very minimum, look at the SANS bulletins as they include the top issues on a weekly basis. Next, review Secunia for a more complete listing with well-structured bulletins available as external links. Finally, the CERT section contains very detailed information and many newly discovered vulnerabilities and updates on existing issues.

Tip: highlight any link below to reveal the criticality or priority.

SANS Bulletin - Vol 8 Num 14

None relevant

Secunia Bulletin - 2009-14

CERT Bulletin - SB09-096

Note: there may be multiple issues for each product link. Scroll down after clicking the link.

BULLETIN DETAIL


CERT Bulletin

Vulnerability Summary for the Week of March 30, 2009

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.



High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
8pussy -- octopussy | Unspecified vulnerability in Octopussy before 0.9.5.8 has unknown impact and attack vectors related to a "major security" vulnerability. | 2009-03-31 | 10.0 | CVE-2008-6566, OSVDB, CONFIRM
apple -- mac os x; microsoft -- windows; vidalia-project -- vidalia bundle | Vidalia bundle before 0.1.2.18, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings, which allows remote attackers to bypass intended access restrictions and modify configuration. | 2009-03-31 | 10.0 | CVE-2007-6722, MLIST
apple -- mac os x; microsoft -- windows; vidalia-project -- vidalia bundle | Vidalia bundle before 0.1.2.18, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains an insecure enable-remote-http-toggle setting, which allows remote attackers to bypass intended access restrictions and modify configuration. | 2009-03-31 | 10.0 | CVE-2007-6724, MLIST
apple -- mac os x; apple -- mac os x server | XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does not properly restrict interaction between user space and the HFS IOCTL handler, which allows local users to overwrite kernel memory and gain privileges by attaching an HFS+ disk image and performing certain steps involving HFS_GET_BOOT_INFO fcntl calls. | 2009-04-02 | 7.2 | CVE-2009-1235, VUPEN, BID, MILW0RM, MISC, MISC, MISC
apple -- mac os x; apple -- mac os x server | Heap-based buffer overflow in the AppleTalk networking stack in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allows remote attackers to cause a denial of service (system crash) via a ZIP_NOTIFY (aka ZIPOP_NOTIFY) packet that overwrites a certain ifPort structure member. | 2009-04-02 | 10.0 | CVE-2009-1236, BID, MILW0RM, MISC, MISC
apple -- mac os x; apple -- mac os x server | Race condition in the HFS vfs sysctl interface in XNU 1228.8.20 and earlier on Apple Mac OS X 10.5.6 and earlier allows local users to cause a denial of service (kernel memory corruption) by simultaneously executing the same HFS_SET_PKG_EXTENSIONS code path in multiple threads, which is problematic because of lack of mutex locking for an unspecified global variable. | 2009-04-02 | 7.2 | CVE-2009-1238, BID, MILW0RM, MISC, MISC
arcadwy -- arcadwy arcade script | SQL injection vulnerability in Arcadwy Arcade Script allows remote attackers to execute arbitrary SQL commands via the user cookie parameter. | 2009-04-02 | 7.5 | CVE-2009-1229, MISC, XF, BID, MILW0RM, SECUNIA
auth2db -- auth2db; auth2dbauth2db -- 0.1.1 | SQL injection vulnerability in auth2db 0.2.5, and possibly other versions before 0.2.7, uses the addslashes function instead of the mysql_real_escape_string function, which allows remote attackers to conduct SQL injection attacks using multibyte character encodings. | 2009-04-01 | 7.5 | CVE-2009-1208, DEBIAN, CONFIRM
avaya -- communication manager | Unspecified vulnerability in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote attackers to gain privileges and cause a denial of service via unknown vectors related to reuse of valid credentials. | 2009-04-01 | 7.5 | CVE-2008-6574, XF, MISC, BID, SECUNIA, OSVDB
aztech -- adsl2/2+4-port | cgi-bin/script in Aztech ADSL2/2+ 4-port router 3.7.0 build 070426 allows remote attackers to execute arbitrary commands via shell metacharacters in the query string. | 2009-03-30 | 10.0 | CVE-2008-6554, XF, BID, BUGTRAQ, SECUNIA, OSVDB
ceruleanstudios -- trillian | Buffer overflow in the XML parser in Trillian 3.1.9.0, and possibly earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DTD file. | 2009-03-31 | 9.3 | CVE-2008-6563, XF, BID, BUGTRAQ, OSVDB
checkpoint -- firewall-1 pki web service | Buffer overflow in the PKI Web Service in Check Point Firewall-1 PKI Web Service allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) Authorization or (2) Referer HTTP header to TCP port 18624. | 2009-04-02 | 7.5 | CVE-2009-1227, SECTRACK, BID, BUGTRAQ, MILW0RM, FULLDISC
cisco -- ios | Memory leak in the Cisco Tunneling Control Protocol (cTCP) encapsulation feature in Cisco IOS 12.4, when an Easy VPN (aka EZVPN) server is enabled, allows remote attackers to cause a denial of service (memory consumption and device crash) via a sequence of TCP packets. | 2009-03-27 | 7.1 | CVE-2009-0635, CONFIRM, CISCO
cybozu -- garoon | Session fixation vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack web sessions via the session ID in the login page. | 2009-03-31 | 9.3 | CVE-2008-6569, BID, MISC, SECUNIA, OSVDB, JVNDB, JVN, CONFIRM
ezbsystems -- ultraiso | Multiple format string vulnerabilities in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via format string specifiers in the filename of a (1) DAA or (2) ISZ file. | 2009-04-01 | 9.3 | CVE-2008-3871, MISC
ezbsystems -- ultraiso | Multiple buffer overflows in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via a crafted (1) CIF, (2) C2D, or (3) GI file. | 2009-04-01 | 9.3 | CVE-2008-4825, MISC, MISC, SECUNIA
futomi -- cgi cafe access analyzer cgi | Unspecified vulnerability in futomi's CGI Cafe Access Analyzer CGI Professional Version 4.11.5 and earlier allows remote attackers to gain administrative privileges via unknown vectors. | 2009-04-01 | 7.5 | CVE-2009-1206, XF, CONFIRM, SECUNIA, JVNDB, JVN
ibm -- websphere application server | The JAX-RPC WS-Security runtime in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3, when APAR PK41002 is installed, does not properly validate UsernameToken objects, which has unknown impact and attack vectors. | 2009-03-31 | 10.0 | CVE-2009-1172, CONFIRM, CONFIRM
ibm -- websphere application server | The Web Services Security component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3 has an unspecified "security problem" in the XML digital-signature specification, which has unknown impact and attack vectors. | 2009-03-31 | 10.0 | CVE-2009-1174, CONFIRM
ibm -- tivoli storage manager | Unspecified vulnerability in the server in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.2 and 6.x before 6.1 has unknown impact and attack vectors related to the "admin command line." | 2009-03-31 | 10.0 | CVE-2009-1178, CONFIRM
ibm -- db2 content manager | Unspecified vulnerability in the eClient in IBM DB2 Content Manager 8.4.1 before 8.4.1.1 has unknown impact and attack vectors. | 2009-04-02 | 10.0 | CVE-2009-1231, CONFIRM
ixprim-cms -- ixprim | PHP remote file inclusion vulnerability in mod/nc phpmyadmin/core/libraries/Theme Manager.class.php in Ixprim 2.0 allows remote attackers to execute arbitrary PHP code via a URL in an unspecified parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2009-03-31 | 7.5 | CVE-2006-7237, XF, BID, MISC
microsoft -- subsystem for unix-based applications; microsoft -- windows services for unix; microsoft -- windows server 2008; microsoft -- windows vista | Multiple unspecified vulnerabilities in (1) unlzh.c and (2) unpack.c in the gzip libraries in Microsoft Windows Server 2008, Windows Services for UNIX 3.0 and 3.5, and the Subsystem for UNIX-based Applications (SUA); as used in gunzip, gzip, pack, pcat, and unpack 7.x before 7.0.1701.48, 8.x before 8.0.1969.62, and 9.x before 9.0.3790.2076; allow remote attackers to execute arbitrary code via unknown vectors. | 2009-04-01 | 10.0 | CVE-2009-1216, XF, VUPEN, MSKB, SECTRACK, SECUNIA
miniweb2 -- miniweb | SQL injection vulnerability in index.php in Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action. | 2009-04-02 | 7.5 | CVE-2008-6582, XF, BID, MILW0RM, SECUNIA
nortel -- communication server 1000; nortel -- unistim protocol | Nortel UNIStim protocol, as used in Communication Server 1000 and other products, uses predictable sequence numbers, which allows remote attackers to hijack sessions via sniffing or brute force attacks. | 2009-03-31 | 7.6 | CVE-2008-6564, XF, MISC, SECTRACK, CONFIRM, OSVDB
nortel -- cs1000 | Unspecified vulnerability in the "session limitation technique" in the FTP service on Nortel Communications Server 1000 (CS1K) 4.50.x, when running on VGMC or signaling nodes, allows remote attackers to cause a denial of service (resource exhaustion and failed updates) via unknown vectors that causes consumption of all available sessions. | 2009-04-01 | 7.8 | CVE-2008-6576, XF, MISC, CONFIRM, SECTRACK
nortel -- cs1000 | Nortel MG1000S, Signaling Server, and Call Server on the Communications Server 1000 (CS1K) 4.50.x contain multiple unspecified hard-coded accounts and passwords, which allows remote attackers to gain privileges. | 2009-04-01 | 10.0 | CVE-2008-6577, XF, CONFIRM, SECTRACK
nortel -- cs1000 | Multiple unspecified vulnerabilities in Nortel Communication Server 1000 4.50.x allow remote attackers to execute arbitrary commands to gain privileges, obtain sensitive information, or cause a denial of service via unknown vectors. | 2009-04-01 | 10.0 | CVE-2008-6578, XF, CONFIRM, SECTRACK
phpaddedit -- phpaddedit | login.php in PhpAddEdit 1.3 allows remote attackers to bypass authentication and gain administrative access by setting the addedit cookie parameter. | 2009-04-02 | 7.5 | CVE-2008-6581, CONFIRM
podcast generator -- podcast generator | core/admin/delete.php in Podcast Generator 1.1 and earlier does not properly restrict access to administrative functions, which allows remote attackers to delete arbitrary files via the file parameter. | 2009-04-02 | 7.5 | CVE-2009-1226, BID, MILW0RM, SECUNIA
precisionid -- data matrix barcode activex control | Multiple insecure method vulnerabilities in PRECIS~2.DLL in the PrecisionID Datamatrix ActiveX control (DMATRIXLib.Datamatrix) allow remote attackers to overwrite arbitrary files via the (1) SaveBarCode and (2) SaveEnhWMF methods. | 2009-04-01 | 7.8 | CVE-2009-1212, BUGTRAQ, MILW0RM, MISC
puppet master -- webutil | cgi-bin/webutil.pl in The Puppet Master WebUtil 2.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the whois command. | 2009-03-30 | 10.0 | CVE-2008-6556, XF, BID, BUGTRAQ, OSVDB
puppetmaster -- webutil | cgi-bin/webutil.pl in The Puppet Master WebUtil allows remote attackers to execute arbitrary commands via shell metacharacters in the dig command. | 2009-03-30 | 10.0 | CVE-2008-6555, XF, BID, BUGTRAQ, OSVDB
puppetmaster -- webutil | cgi-bin/webutil.pl in The Puppet Master WebUtil 2.7 allows remote attackers to execute arbitrary commands via shell metacharacters in the details command. | 2009-03-30 | 10.0 | CVE-2008-6557, XF, BID, BUGTRAQ, OSVDB
redhat -- cman | Buffer overflow in CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9 and Red Hat Enterprise Linux (RHEL) 5 allows attackers to cause a denial of service (CPU consumption and memory corruption) via a cluster.conf file with many lines. NOTE: it is not clear whether this issue crosses privilege boundaries in realistic uses of the product. | 2009-03-31 | 7.8 | CVE-2008-6560, CONFIRM, FEDORA, FEDORA, FEDORA, CONFIRM
sap -- sapgui | Stack-based buffer overflow in EAI WebViewer3D ActiveX control (webviewer3d.dll) in SAP AG SAPgui before 7.10 Patch Level 9 allows remote attackers to execute arbitrary code via a long argument to the SaveViewToSessionFile method. | 2009-04-01 | 9.3 | CVE-2007-4475, CERT-VN, MISC
scivox -- vsp stats processor | SQL injection vulnerability in vsp-core/pub/themes/bismarck/gamestat.php in vsp stats processor 0.45 allows remote attackers to execute arbitrary SQL commands via the gameID parameter. | 2009-04-02 | 7.5 | CVE-2009-1224, MILW0RM
sco -- reliantha | Merge mcd in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local users to gain root privileges via a crafted -d argument that contains .. (dot dot) sequences that point to a directory containing a file whose name includes shell metacharacters. | 2009-03-30 | 7.2 | CVE-2008-6559, BID
trendmicro -- internet security | The TrendMicro Activity Monitor Module (tmactmon.sys) 2.52.0.1002 in Trend Micro Internet Pro 2008 and 2009, and Security Pro 2008 and 2009, allows local users to gain privileges via a crafted IRP in a METHOD_NEITHER IOCTL request to \Device\tmactmon that overwrites memory. | 2009-04-01 | 7.2 | CVE-2009-0686, XF, BID, BUGTRAQ, MILW0RM, MISC, MISC
umn -- mapserver | Stack-based buffer overflow in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when the server has a map with a long IMAGEPATH or NAME attribute, allows remote attackers to execute arbitrary code via a crafted id parameter in a query action. | 2009-03-31 | 10.0 | CVE-2009-0839, SECTRACK, BID, BUGTRAQ, MISC, CONFIRM, MLIST
umn -- mapserver | Heap-based buffer underflow in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to have an unknown impact via a negative value in the Content-Length HTTP header. | 2009-03-31 | 10.0 | CVE-2009-0840, MLIST
umn -- mapserver | Directory traversal vulnerability in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when running on Windows with Cygwin, allows remote attackers to create arbitrary files via a .. (dot dot) in the id parameter. | 2009-03-31 | 10.0 | CVE-2009-0841, MLIST
umn -- mapserver | The msLoadQuery function in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to determine the existence of arbitrary files via a full pathname in the queryfile parameter, which triggers different error messages depending on whether this pathname exists. | 2009-03-31 | 7.8 | CVE-2009-0843, MLIST
umn -- mapserver | mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 does not ensure that the string holding the id parameter ends in a '\0' character, which allows remote attackers to conduct buffer-overflow attacks or have unspecified other impact via a long id parameter in a query action. | 2009-03-31 | 10.0 | CVE-2009-1176, MLIST
umn -- mapserver | Multiple stack-based buffer overflows in maptemplate.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 have unknown impact and remote attack vectors. | 2009-03-31 | 10.0 | CVE-2009-1177, MLIST
w3 -- amaya | Stack-based buffer overflow in W3C Amaya Web Browser 11.1 allows remote attackers to execute arbitrary code via a script tag with a long defer attribute. | 2009-04-01 | 9.3 | CVE-2009-1209, BID, MILW0RM, MILW0RM, SECUNIA
wireshark -- wireshark | Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details are obtained from third party information. | 2009-04-01 | 10.0 | CVE-2009-1210, XF, BID, MILW0RM, SECUNIA
yehe -- yehe | Unrestricted file upload vulnerability in Yehe 2.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the envoyer feature. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2009-03-31 | 10.0 | CVE-2008-6568, XF, BID
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
abledating -- abledating | SQL injection vulnerability in search results.php in ABK-Soft AbleDating 2.4 allows remote attackers to execute arbitrary SQL commands via the keyword parameter. | 2009-03-31 | 6.8 | CVE-2008-6572, XF, BID, BUGTRAQ, SECUNIA
anonymityanywhere -- tork | TorK before 0.22, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings, which allows remote attackers to bypass intended access restrictions and modify configuration. | 2009-03-31 | 4.3 | CVE-2007-6723, XF, BID, OSVDB, CONFIRM, MLIST, MLIST
apple -- safari | Apple Safari 3.2.2 and 4 Beta on Windows allows remote attackers to cause a denial of service (application crash) via an XML document containing many nested A elements. | 2009-04-02 | 4.3 | CVE-2009-1233, XF, BID, MILW0RM
apple -- mac os x; apple -- mac os x server | Multiple memory leaks in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allow local users to cause a denial of service (kernel memory consumption) via a crafted (1) SYS_add_profil or (2) SYS___mac_getfsstat system call. | 2009-04-02 | 4.9 | CVE-2009-1237, BID, MILW0RM, MILW0RM, MISC, MISC, MISC
arcadwy -- arcadwy arcade script cms | Cross-site scripting (XSS) vulnerability in register.php in Arcadwy Arcade Script CMS allows remote attackers to inject arbitrary web script or HTML via the username field (user name parameter). | 2009-04-02 | 4.3 | CVE-2009-1228, XF, BID, MILW0RM, SECUNIA
avaya -- communication manager | Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles in the SIP Personal Information Manager (SPIM) in the web interface; and allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to (2) permissions for SPIM profiles in the web interface and (3) a crafted SIP request to the SIP server. | 2009-04-01 | 6.8 | CVE-2008-6573, XF, XF, MISC, MISC, MISC, BID, CONFIRM, CONFIRM, SECUNIA, OSVDB, OSVDB, OSVDB
avaya -- communication manager | Unspecified vulnerability in the SIP server in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote authenticated users to cause a denial of service (resource consumption) via unknown vectors. | 2009-04-01 | 6.8 | CVE-2008-6575, XF, MISC, SECUNIA, OSVDB
banshee-project -- banshee | Cross-site scripting (XSS) vulnerability in apps/web/vs diag.cgi in the DAAP extension in Banshee 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the server parameter, which is not properly handled in an error message. | 2009-03-31 | 4.3 | CVE-2009-1175, MLIST, CONFIRM
bluecoat -- proxysg | Blue Coat ProxySG, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. | 2009-04-01 | 5.8 | CVE-2009-1211, CONFIRM, SECTRACK
cisco -- adaptive security appliance; cisco -- ios | Cross-site scripting (XSS) vulnerability in +webvpn+/index.html in WebVPN on the Cisco Adaptive Security Appliances (ASA) 5520 with software 7.2(2)22 allows remote attackers to inject arbitrary web script or HTML via the Host HTTP header. | 2009-04-01 | 4.3 | CVE-2009-1220, XF, BID, BUGTRAQ, FULLDISC
cybozu -- garoon | Cross-site scripting (XSS) vulnerability in the RSS reader in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via a crafted RSS feed. | 2009-03-31 | 4.3 | CVE-2008-6570, BID, MISC, SECUNIA, OSVDB, JVNDB, JVN, CONFIRM
debian -- nss-ldap | nss-ldapd before 0.6.8 uses world-readable permissions for the /etc/nss-ldapd.conf file, which allows local users to obtain a cleartext password for the LDAP server by reading the bindpw field. | 2009-03-31 | 4.9 | CVE-2009-1073, DEBIAN, CONFIRM
fullrevolution -- aspwebcalendar | aspWebCalendar Free Edition stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for calendar/calendar.mdb. | 2009-04-02 | 5.0 | CVE-2009-1223, BUGTRAQ
funscripts -- red reservations | The Red Reservations script for ColdFusion stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request to (1) makered.mdb and (2) makered97.mdb. | 2009-04-02 | 5.0 | CVE-2008-6580, MILW0RM
gallarific -- gallarific | Multiple cross-site scripting (XSS) vulnerabilities in Gallarific Free Edition allow remote attackers to inject arbitrary web script or HTML via (1) the e-mail address, (2) a comment, which is not properly handled during moderation, and (3) the tag parameter to gallery/tags.php. | 2009-03-31 | 4.3 | CVE-2008-6567, BID, OSVDB, OSVDB, OSVDB, FULLDISC
gnu -- screen | GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with world-readable permissions, which might allow local users to obtain sensitive session information. | 2009-04-01 | 4.9 | CVE-2009-1214, CONFIRM, CONFIRM, MLIST, MISC, CONFIRM
ibm -- websphere application server | The administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3 allows attackers to hijack user sessions in "specific scenarios" related to a forced logout. | 2009-03-31 | 5.5 | CVE-2009-0892, CONFIRM, CONFIRM
ibm -- tivoli storage manager | The server in IBM Tivoli Storage Manager (TSM) 4.2.x on MVS, 5.1.9.x before 5.1.9.1, 5.1.x before 5.1.10, 5.2.2.x before 5.2.2.3, 5.2.x before 5.2.3, 5.3.x before 5.3.0, and 6.x before 6.1, when the HTTP communication method is enabled, allows remote attackers to cause a denial of service (daemon crash or hang) via unspecified HTTP traffic, as demonstrated by the IBM port scanner 1.3.1. | 2009-03-31 | 4.3 | CVE-2004-2762, VUPEN, BID, AIXAPAR, CONFIRM, CONFIRM, SECTRACK, SECUNIA
invision power services -- invision power board | Cross-site scripting (XSS) vulnerability in Invision Power Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via an IFRAME tag in the signature. | 2009-03-31 | 4.3 | CVE-2008-6565, XF, BID, BUGTRAQ
jax scripts -- jax guestbook | Multiple cross-site scripting (XSS) vulnerabilities in jax guestbook.php in Jax Guestbook 3.1 and 3.31 allow remote attackers to inject arbitrary web script or HTML via the (1) gmt ofs and (2) language parameters. NOTE: the page parameter is already covered by CVE-2006-1913. NOTE: it was later reported that 3.50 is also affected. | 2009-03-31 | 4.3 | CVE-2005-4879, BID, SECUNIA, MISC, MISC
jax scripts -- jax guestbook | Jax Guestbook 3.1 and 3.31 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain IP addresses of users via a direct request to (1) guestbook, (2) guestbook ips2block, (3) ips2block, and (4) formmailer/logfile.csv. | 2009-03-31 | 5.0 | CVE-2005-4880, SECUNIA, MISC
jax scripts -- jax linklists | Cross-site scripting (XSS) vulnerability in jax linklists.php in Jack (tR) Jax LinkLists 1.00 allows remote attackers to inject arbitrary web script or HTML via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2009-03-31 | 4.3 | CVE-2008-6562, XF, BID
linpha -- linpha | Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.4 might allow remote attackers to inject arbitrary web script or HTML via (1) new images.php, (2) login.php, and unspecified vectors. | 2009-03-31 | 4.3 | CVE-2008-6571, SECUNIA, OSVDB, OSVDB, OSVDB, CONFIRM
living-e -- webedition | Directory traversal vulnerability in index.php in webEdition 6.0.0.4 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the WE LANGUAGE parameter. | 2009-04-02 | 5.1 | CVE-2009-1222, XF, BID, BUGTRAQ, MILW0RM, SECUNIA
microsoft -- gdiplus; microsoft -- windows xp | Off-by-one error in the GpFont::SetData function in gdiplus.dll in Microsoft GDI+ on Windows XP allows remote attackers to cause a denial of service (stack corruption and application termination) via a crafted EMF file that triggers an integer overflow, as demonstrated by voltage-exploit.emf, aka the "Microsoft GdiPlus EMF GpFont.SetData integer overflow." | 2009-04-01 | 4.3 | CVE-2009-1217, XF, VUPEN, CONFIRM, MISC
mit -- kerberos | The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token. | 2009-03-27 | 5.0 | CVE-2009-0845, XF, VUPEN, BID, MANDRIVA, CONFIRM, CONFIRM, SECUNIA, CONFIRM
moodle -- moodle | The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a "$$" sequence, which causes LaTeX to include the contents of the file. | 2009-03-30 | 4.3 | CVE-2009-1171, MILW0RM, CONFIRM
mozilla -- bugzilla | Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 3.2 before 3.2.3, 3.3 before 3.3.4, and earlier versions allows remote attackers to hijack the authentication of arbitrary users for requests that use attachment editing. | 2009-04-01 | 6.8 | CVE-2009-1213, VUPEN, CONFIRM
mozilla -- firefox | The XUL parser in Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote attackers to cause a denial of service (memory corruption) via an XML document composed of a long series of start-tags with no corresponding end-tags. | 2009-04-02 | 4.3 | CVE-2009-1232, XF, MILW0RM, MISC
nortel -- cs1000 | Nortel Communication Server 1000 4.50.x allows remote attackers to obtain Web application structure via unknown vectors related to "web resources to phones and administrators." | 2009-04-01 | 5.0 | CVE-2008-6579, XF, MISC, CONFIRM, SECTRACK
openssl -- openssl | The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length. | 2009-03-27 | 5.0 | CVE-2009-0590, VUPEN, BID, CONFIRM
openswan -- openswan; strongswan -- strongswan | The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.21 and 2.4 before 2.4.14, and Strongswan 4.2 before 4.2.14 and 2.8 before 2.8.9, allows remote attackers to cause a denial of service (daemon crash and restart) via a crafted (1) R_U_THERE or (2) R_U_THERE_ACK Dead Peer Detection (DPD) IPsec IKE Notification message that triggers a NULL pointer dereference related to inconsistent ISAKMP state and the lack of a phase2 state association in DPD. | 2009-04-01 | 5.0 | CVE-2009-0790, BID, DEBIAN, DEBIAN
opera -- opera | Opera 9.64 allows remote attackers to cause a denial of service (application crash) via an XML document containing a long series of start-tags with no corresponding end-tags. | 2009-04-02 | 4.3 | CVE-2009-1234, XF, BID, MILW0RM
platinumprofitzone -- turnkey ebook store | Cross-site scripting (XSS) vulnerability in index.php in Turnkey Ebook Store 1.1 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search action. | 2009-04-02 | 4.3 | CVE-2009-1225, SECUNIA, MISC
podcast generator -- podcast generator | Static code injection vulnerability in index.php in Podcast Generator 1.1 and earlier allows remote authenticated administrators to inject arbitrary PHP code into config.php via the recent parameter in a config change action. | 2009-04-02 | 6.5 | CVE-2009-1230, MILW0RM
redhat -- cluster project; redhat -- cman; redhat -- gfs2-utils; redhat -- rgmanager; fedoraproject -- fedora | Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp, involving unspecified components in Resource Group Manager (aka rgmanager) before 2.03.09-1, gfs2-utils before 2.03.09-1, and CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9. | 2009-03-30 | 6.9 | CVE-2008-6552, XF, BID, FEDORA, FEDORA, FEDORA, SECUNIA
sco -- unixware; unixware -- reliantha | Untrusted search path vulnerability in (1) hvdisp and (2) rcvm in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local users to gain root privileges by modifying the RELIANT PATH environment variable to point to a malicious bin/hvenv program. | 2009-03-30 | 6.2 | CVE-2008-6558, SCO
sun -- opensolaris | Unspecified vulnerability in Sun OpenSolaris snv_100 through snv_101 allows local users, with privileges in a non-global zone, to execute arbitrary code in the global zone when a global-zone user is using mdb on a non-global zone process. | 2009-03-30 | 6.9 | CVE-2009-1170, XF, VUPEN, SECTRACK, BID, SUNALERT
sun -- solaris 10 sparc; sun -- solaris 10 x86; sun -- solaris 8 sparc; sun -- solaris 8x86; sun -- solaris 9 sparc; sun -- solaris 9 x86; sun -- opensolaris | Race condition in the dircmp script in Sun Solaris 8 through 10, and OpenSolaris snv_01 through snv_111, allows local users to overwrite arbitrary files, probably involving a symlink attack on temporary files. | 2009-04-01 | 4.7 | CVE-2009-1207, MISC
sun -- java system calendar server; sun -- one calendar server | Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allow remote attackers to inject arbitrary web script or HTML via (1) the fmt-out parameter to login.wcap or (2) the date parameter to command.shtml. | 2009-04-01 | 4.3 | CVE-2009-1218, SUNALERT
sun -- java system calendar server; sun -- one calendar server | Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allows remote attackers to cause a denial of service (daemon crash) via multiple requests to the default URI with alphabetic characters in the tzid parameter. | 2009-04-01 | 5.0 | CVE-2009-1219, SUNALERT
tikiwiki -- tikiwiki cms/groupware | Cross-site scripting (XSS) vulnerability in TikiWiki (Tiki) CMS/Groupware 2.2 allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to (1) tiki-galleries.php, (2) tiki-list_file_gallery.php, (3) tiki-listpages.php, and (4) tiki-orphan_pages.php. | 2009-03-31 | 4.3 | CVE-2009-1204, CONFIRM, CONFIRM
umn -- mapserver | mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to read arbitrary invalid .map files via a full pathname in the map parameter, which triggers the display of partial file contents within an error message, as demonstrated by a /tmp/sekrut.map symlink. | 2009-03-31 | 4.3 | CVE-2009-0842, MLIST
webwizguide -- web wiz guestbook | Web Wiz Guestbook 6.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for database/WWGguestbook.mdb. NOTE: it was later reported that 8.21 is also affected. | 2009-04-02 | 5.0 | CVE-2003-1571, OSVDB, MILW0RM, MISC, SECUNIA
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
citrix -- presentation server client | Citrix Presentation Server Client for Windows before 10.200 does not clear "credential information" from process memory in unspecified circumstances, which might allow local users to gain privileges. | 2009-03-31 | 1.9 | CVE-2008-6561, CONFIRM
gnu -- gnu screen | Race condition in GNU screen 4.0.3 allows local users to create or overwrite arbitrary files via a symlink attack on the /tmp/screen-exchange temporary file. | 2009-04-01 | 1.9 | CVE-2009-1215, CONFIRM, CONFIRM, MLIST, MISC, CONFIRM
ibm -- websphere application server | IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3 uses weak permissions (777) for files associated with unspecified "interim fixes," which allows attackers to modify files that would not have been accessible if the intended 755 permissions were used. | 2009-03-31 | 2.1 | CVE-2009-1173, CONFIRM
ibm -- tivoli storage manager | The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2.1.2, and 6.x before 6.1 does not require credentials to observe the server console in some circumstances, which allows remote authenticated administrators to monitor server operations by establishing a console mode session, related to "session exposure." | 2009-03-31 | 3.5 | CVE-2003-1570, VUPEN, BID, AIXAPAR, CONFIRM, SECTRACK, SECUNIA


Relevant Products

  • Ethereal
  • PCRE
  • Sun
  • activesync
  • aol
  • apache
  • bea
  • blackboard
  • cisco
  • citrix
  • comodo
  • epolicy
  • fedora
  • gentoo
  • gnu
  • gzip
  • jakarta
  • linux
  • metaframe
  • mysql
  • nagios
  • novell
  • openoffice
  • openoffice.org
  • openoffice.org/staroffice
  • openssh
  • openssl
  • oracle
  • palm
  • palmos
  • peoplesoft
  • perl
  • php
  • postfix
  • red hat
  • samba
  • solaris
  • sql
  • ssh
  • tomcat
  • vim
  • vmware
  • webct
  • windows ce
  • windowsce