Software Vulnerability

 
Sat, 30 May 09
windows_xp
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1808
Microsoft Windows XP SP3 allows local users to cause a denial of service (system crash) by making an SPI_SETDESKWALLPAPER SystemParametersInfo call with an improperly terminated pvParam argument, followed by an SPI_GETDESKWALLPAPER SystemParametersInfo call.

Sat, 30 May 09
storm
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1807
Unspecified vulnerability in Config.dll in Baofeng products 3.09.04.17 and earlier allows remote attackers to execute arbitrary code by calling the SetAttributeValue method, as exploited in the wild in April and May 2009.

Sat, 30 May 09
hardware_management_console
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1806
Unspecified vulnerability in IBM Hardware Management Console (HMC) 7 release 3.4.0 SP2, when Active Memory Sharing is used, has unknown impact and attack vectors, related to a shared memory partition and a shared memory pool with redundant paging Virtual I/O Server (VIOS) partitions. NOTE: some of these details are obtained from third party information.

Sat, 30 May 09
linux
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1633
Multiple buffer overflows in the cifs subsystem in the Linux kernel before 2.6.29.4 allow remote CIFS servers to cause a denial of service (memory corruption) and possibly have unspecified other impact via (1) a malformed Unicode string, related to Unicode string area alignment in fs/cifs/sess.c; or (2) long Unicode characters, related to fs/cifs/cifssmb.c and the cifs_readdir function in fs/cifs/readdir.c.

Sat, 30 May 09
pam-krb5
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1384
pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.

Sat, 30 May 09
http_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1195
The Apache HTTP Server 2.2.11 and earlier 2.2 versions do not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.

Fri, 29 May 09
videoscript
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1804
Multiple SQL injection vulnerabilities in admin/index.php in VideoScript.us YouTube Video Script allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.

Fri, 29 May 09
freepbx
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1803
FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, generates different error messages for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.

Fri, 29 May 09
freepbx
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1802
Multiple cross-site request forgery (CSRF) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to hijack the authentication of admins for requests that create a new admin account or have unspecified other impact.

Fri, 29 May 09
freepbx
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1801
Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to inject arbitrary web script or HTML via the (1) display parameter to reports.php, the (2) order and (3) extdisplay parameters to config.php, and the (4) sort parameter to recordings/index.php. NOTE: some of these details are obtained from third party information.

Fri, 29 May 09
igame
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1800
Stack-based buffer overflow in the Chinagames CGAgent ActiveX control 1.x in CGAgent.dll, as distributed in Chinagames iGame 2009, allows remote attackers to execute arbitrary code via a long argument to the CreateChinagames method, as exploited in the wild in April and May 2009. NOTE: some of these details are obtained from third party information.

Fri, 29 May 09
st-gallery
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1799
Multiple SQL injection vulnerabilities in the getGalleryImage function in st_admin/gallery_output.php in ST-Gallery 0.1 alpha, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) gallery_category or (2) gallery_show parameter to example.php.

Fri, 29 May 09
network_shutdown_module
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6816
Eaton MGEOPS Network Shutdown Module before 3.10 Build 13 allows remote attackers to execute arbitrary code by adding a custom action to the MGE frontend via pane_actionbutton.php, and then executing this action via exec_action.php.

Fri, 29 May 09
myktools
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6815
mykdownload.php in MyKtools 2.4 does not require administrative authentication, which allows remote attackers to read a database backup by making a direct request, and then sending an unspecified request to the download page for the backup.

Fri, 29 May 09
com_simpleboard
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6814
Unrestricted file upload vulnerability in image_upload.php in the SimpleBoard (com_simpleboard) component 1.0.1 and earlier for Mambo allows remote attackers to execute arbitrary code by uploading a file with an executable extension and an image/jpeg content type, then accessing this file via a direct request to the file in components/com_simpleboard/, a different vulnerability than CVE-2006-3528.

Thu, 28 May 09
kh1516i_ip_kvm_switch, kn9116_ip_kvm_switch, pn9108_power_over_the_net
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1477
The https web interfaces on the ATEN KH1516i IP KVM switch with firmware 1.0.063, the KN9116 IP KVM switch with firmware 1.1.104, and the PN9108 power-control unit have a hardcoded SSL private key, which makes it easier for remote attackers to decrypt https sessions by extracting this key from their own switch and then sniffing network traffic to a switch owned by a different customer.

Thu, 28 May 09
kh1516i_ip_kvm_switch, kn9116_ip_kvm_switch
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1474
The ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not (1) encrypt mouse events, which makes it easier for man-in-the-middle attackers to perform mouse operations on machines connected to the switch by injecting network traffic; and do not (2) set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

Thu, 28 May 09
kh1516i_ip_kvm_switch, kn9116_ip_kvm_switch
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1473
The (1) Windows and (2) Java client programs for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not properly use RSA cryptography for a symmetric session-key negotiation, which makes it easier for remote attackers to (a) decrypt network traffic, or (b) conduct man-in-the-middle attacks, by repeating unspecified "client-side calculations."

Thu, 28 May 09
kh1516i_ip_kvm_switch, kn9116_ip_kvm_switch
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1472
The Java client program for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 has a hardcoded AES encryption key, which makes it easier for man-in-the-middle attackers to (1) execute arbitrary Java code, or (2) gain access to machines connected to the switch, by hijacking a session.

Thu, 28 May 09
certificate_system, dogtag_certificate_system
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0588
agent/request/op.cgi in the Registration Authority (RA) component in Red Hat Certificate System (RHCS) 7.3 and Dogtag Certificate System allows remote authenticated users to approve certificate requests queued for arbitrary agent groups via a modified request ID field.

Wed, 27 May 09
java_system_portal_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1796
Cross-site scripting (XSS) vulnerability in Sun Java System Portal Server 6.3.1, 7.1, and 7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to an error page.

Wed, 27 May 09
solaris
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3870
Integer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request that triggers a heap-based buffer overflow, related to improper memory allocation.

Wed, 27 May 09
solaris
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3869
Heap-based buffer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request, related to improper decoding of request parameters.

Wed, 27 May 09
libsndfile, winamp
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1791
Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an AIFF file with an invalid header value.

Wed, 27 May 09
rescue
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1790
Cross-site scripting (XSS) vulnerability in CGI RESCUE Trees before 2.11 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

Wed, 27 May 09
eggdrop, eggdrop_irc_bot, windrop
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1789
mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PRIVMSG that causes an empty string to trigger a negative string length copy. NOTE: this issue exists because of an incorrect fix for CVE-2007-2807.

Wed, 27 May 09
libsndfile, winamp
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1788
Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a VOC file with an invalid header value.

Wed, 27 May 09
php_dir_submit
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1787
Multiple SQL injection vulnerabilities in PHP Dir Submit (aka WebsiteSubmitter and Submitter Script) allow remote attackers to bypass authentication and gain administrative access via the (1) username and (2) password parameters.

Wed, 27 May 09
aix
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1786
The malloc subsystem in libc in IBM AIX 5.3 and 6.1 allows local users to create or overwrite arbitrary files via a symlink attack on the log file associated with the MALLOCDEBUG environment variable.

Wed, 27 May 09
android
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1754
The PackageManagerService class in services/java/com/android/server/PackageManagerService.java in Android 1.5 through 1.5 CRB42 does not properly check developer certificates during processing of sharedUserId requests at an application's installation time, which allows remote attackers to access application data by creating a package that specifies a shared user ID with an arbitrary application.

Wed, 27 May 09
groupwise
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1636
Multiple buffer overflows in the Internet Agent (aka GWIA) component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to execute arbitrary code via (1) a crafted e-mail address in an SMTP session or (2) an SMTP command.

Wed, 27 May 09
groupwise
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1634
The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 does not properly implement session management mechanisms, which allows remote attackers to gain access to user accounts via unspecified vectors.

Wed, 27 May 09
ipfilter
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1476
Buffer overflow in lib/load_http.c in ippool in Darren Reed IPFilter (aka IP Filter) 4.1.31 allows local users to gain privileges via vectors involving a long hostname in a URL.

Wed, 27 May 09
pidgin
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1376
Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927.

Wed, 27 May 09
pidgin
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1375
The PurpleCircBuffer implementation in Pidgin before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service (memory corruption and application crash) via vectors involving the (1) XMPP or (2) Sametime protocol.

Wed, 27 May 09
pidgin
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1374
Buffer overflow in the decrypt_out function in Pidgin before 2.5.6 allows remote attackers to cause a denial of service (application crash) via a QQ packet.

Wed, 27 May 09
pidgin
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1373
Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information.

Tue, 26 May 09
antivirus
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1784
The AVG parsing engine 8.5 323, as used in multiple AVG anti-virus products including Anti-Virus Network Edition, Internet Security Netzwerk Edition, Server Edition für Linux/FreeBSD, Anti-Virus SBS Edition, and others, allows remote attackers to bypass malware detection via a crafted (1) RAR and (2) ZIP archive.

Tue, 26 May 09
f-prot_antivirus
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1783
Multiple FRISK Software F-Prot anti-virus products, including Antivirus for Exchange, Linux on IBM zSeries, Linux x86 File Servers, Linux x86 Mail Servers, Linux x86 Workstations, Solaris Mail Servers, Antivirus for Windows, and others, allow remote attackers to bypass malware detection via a crafted CAB archive.

Mon, 25 May 09
open_virtual_desktop
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1785
Cross-site scripting (XSS) vulnerability in Ulteo Open Virtual Desktop 1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter to header.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Mon, 25 May 09
f-secure_anti-virus
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1782
Multiple F-Secure anti-virus products, including Anti-Virus for Microsoft Exchange 7.10 and earlier; Internet Gatekeeper for Windows 6.61 and earlier, Windows 6.61 and earlier, and Linux 2.16 and earlier; Internet Security 2009 and earlier, Anti-Virus 2009 and earlier, Client Security 8.0 and earlier, and others; allow remote attackers to bypass malware detection via a crafted (1) ZIP and (2) RAR archive.

Mon, 25 May 09
CVE-2009-1781 (frax.dk_php_recommend)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1781
Static code injection vulnerability in admin.php in Frax.dk Php Recommend 1.3 and earlier allows remote attackers to inject arbitrary PHP code into phpre_config.php via the form_aula parameter.

Mon, 25 May 09
CVE-2009-1780 (frax.dk_php_recommend)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1780
admin.php in Frax.dk Php Recommend 1.3 and earlier does not require authentication when the user password is changed, which allows remote attackers to gain administrative privileges via modified form_admin_user and form_admin_pass parameters.

Mon, 25 May 09
CVE-2009-1779 (frax.dk_php_recommend)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1779
PHP remote file inclusion vulnerability in admin.php in Frax.dk Php Recommend 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the form_include_template parameter.

Mon, 25 May 09
bigace_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1778
SQL injection vulnerability in the new user registration feature in BigACE CMS 2.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.

Mon, 25 May 09
formmail
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1777
CRLF injection vulnerability in FormMail.pl in Matt Wright FormMail 1.92, and possibly earlier, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the redirect parameter.

Mon, 25 May 09
formmail
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1776
Multiple cross-site scripting (XSS) vulnerabilities in FormMail.pl in Matt Wright FormMail 1.92, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via javascript: URIs in the (1) request and (2) return_link_url parameters.

Mon, 25 May 09
open_virtual_desktop
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1775
Multiple cross-site scripting (XSS) vulnerabilities in Ulteo Open Virtual Desktop 1.0 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) admin/applications.php, (2) admin/appsgroup.php, (3) admin/users.php, (4) admin/usersgroup.php, and (5) admin/tasks.php; (6) show parameter to admin/logs.php; and (7) mode parameter to admin/configuration-partial.php. NOTE: some of these details are obtained from third party information.

Mon, 25 May 09
CVE-2009-1381 (imap_general.php, squirrelmail)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1381
The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.19-1 on Debian GNU/Linux, and possibly other operating systems and versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. NOTE: this issue exists because of an incomplete fix for CVE-2009-1579.

Mon, 25 May 09
CVE-2009-1774
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1774
Directory traversal vulnerability in plugins/ddb/foot.php in Strawberry 1.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter to example/index.php. NOTE: this was originally reported as an issue affecting the do parameter, but traversal with that parameter might depend on a modified example/index.php. NOTE: some of these details are obtained from third party information.

Mon, 25 May 09
activecollab
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1773
activeCollab 2.1 Corporate allows remote attackers to obtain sensitive information via an invalid re_route parameter to the login script, which reveals the installation path in an error message.

Mon, 25 May 09
activecollab
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1772
Cross-site scripting (XSS) vulnerability in activeCollab 2.1 Corporate allows remote attackers to inject arbitrary web script or HTML via the re_route parameter to the login script.

Mon, 25 May 09
flyspeck_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1771
index.php in Flyspeck CMS 6.8 does not require administrative authentication for the updateExistingContent action, which allows remote attackers to create or modify admin accounts via the (1) users[fullname], (2) users[email], (3) users[role_id], (4) users[username], and (5) users[password] parameters.

Mon, 25 May 09
flyspeck_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1770
Directory traversal vulnerability in includes/database/examples/addressbook.php in Flyspeck CMS 6.8 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.

Mon, 25 May 09
ocs_inventory_ng
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1769
The web interface in OCS Inventory NG 1.01 generates different error messages depending on whether a username is valid, which allows remote attackers to enumerate valid usernames.

Mon, 25 May 09
CVE-2009-1768 (ramazaitencms0.9.7.8, ramazaitencms0.9.8)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1768
Directory traversal vulnerability in download.php in Rama Zaiten CMS 0.9.8 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

Mon, 25 May 09
template_monster_clone
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1767
admin/edituser.php in 2daybiz Template Monster Clone does not require administrative authentication, which allows remote attackers to modify arbitrary accounts via the (1) loginname, (2) password, (3) email, (4) firstname, or (5) lastname parameter.

Mon, 25 May 09
lightopencms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1766
SQL injection vulnerability in index.php in LightOpenCMS 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Mon, 25 May 09
pluck
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1765
Multiple directory traversal vulnerabilities in pluck 4.6.2, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langpref parameter to (1) data/modules/contactform/module_info.php, (2) data/modules/blog/module_info.php, and (3) data/modules/albums/module_info.php, different vectors than CVE-2008-3194.

Mon, 25 May 09
maxcms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1764
SQL injection vulnerability in inc/ajax.asp in MaxCMS 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a digg action.

Sat, 23 May 09
opensolaris
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1763
Unspecified vulnerability in the Solaris Secure Digital slot driver (aka sdhost) in Sun OpenSolaris snv_105 through snv_108 on the x86 platform allows local users to gain privileges or cause a denial of service (filesystem or memory corruption) via unknown vectors.

Sat, 23 May 09
groupwise
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1762
Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess login page (aka gw/webacc) in Novell GroupWise 7.x before 7.03 HP2 allow remote attackers to inject arbitrary web script or HTML via the (1) GWAP.version or (2) User.Theme (aka User.Theme.index) parameter.

Sat, 23 May 09
groupwise
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1635
Cross-site scripting (XSS) vulnerability in the WebAccess login page (aka gw/webacc) in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allows remote attackers to inject arbitrary web script or HTML via the User.lang parameter.

Sat, 23 May 09
coccinelle
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1753
Coccinelle 0.1.7 allows local users to overwrite arbitrary files via a symlink attack on an unspecified "result file."

Sat, 23 May 09
dtorrent, ctorrent
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1759
Stack-based buffer overflow in the btFiles::BuildFromMI function (trunk/btfiles.cpp) in Enhanced CTorrent (aka dTorrent) 3.3.2 and probably earlier, and CTorrent 1.3.4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Torrent file containing a long path.

Sat, 23 May 09
xen
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1758
The hypervisor_callback function in Xen, possibly before 3.4.0, as applied to the Linux kernel 2.6.30-rc4, 2.6.18, and probably other versions allows guest user applications to cause a denial of service (kernel oops) of the guest OS by triggering a segmentation fault in "certain address ranges."

Sat, 23 May 09
transmission
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1757
Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Sat, 23 May 09
slim_simple_login_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1756
SLiM Simple Login Manager 1.3.0 places the X authority magic cookie (mcookie) on the command line when invoking xauth from (1) app.cpp and (2) switchuser.cpp, which allows local users to access the X session by listing the process and its arguments.

Sat, 23 May 09
nsd
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1755
Off-by-one error in the packet_read_query_section function in packet.c in nsd 3.2.1, and process_query_section in query.c in nsd 2.3.7, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a buffer overflow.

Sat, 23 May 09
office_message_system
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1752
exJune Office Message System 1 does not properly restrict access to (1) configure.asp and (2) addmessage2.asp, which allows remote attackers to gain privileges via a direct request. NOTE: some of these details are obtained from third party information.

Sat, 23 May 09
realty_web-base
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1751
SQL injection vulnerability in list_list.php in Realty Webware Technologies Web-Base 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Sat, 23 May 09
vidsharepro
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1750
Unrestricted file upload vulnerability in VidSharePro allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors.

Sat, 23 May 09
catviz
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1749
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Catviz 0.4.0 beta 1 allow remote attackers to inject arbitrary web script or HTML via the (1) userman_form and (2) webpages_form parameters.

Sat, 23 May 09
catviz
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1748
Multiple directory traversal vulnerabilities in index.php in Catviz 0.4.0 Beta 1 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) webpages_form or (2) userman_form parameter.

Sat, 23 May 09
bspeak
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1747
SQL injection vulnerability in index.php in 26th Avenue bSpeak 1.10 allows remote attackers to execute arbitrary SQL commands via the forumid parameter in a post action.

Sat, 23 May 09
phpwebnews
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6813
SQL injection vulnerability in index.php in phpWebNews 0.2 MySQL Edition allows remote attackers to execute arbitrary SQL commands via the id_kat parameter.

Sat, 23 May 09
phpwebnews
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6812
SQL injection vulnerability in bukutamu.php in phpWebNews 0.2 allows remote attackers to execute arbitrary SQL commands via the det parameter.

Sat, 23 May 09
dgnews
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1746
SQL injection vulnerability in berita.php in Dian Gemilang DGNews 3.0 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.

Sat, 23 May 09
profense_web_application_firewall
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1745
Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, has a default root password hash, and permits password-based root logins over SSH, which makes it easier for remote attackers to obtain access.

Sat, 23 May 09
websphere_partner_gateway
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0897
IBM WebSphere Partner Gateway (WPG) 6.1.0 before 6.1.0.1 and 6.1.1 before 6.1.1.1 allows remote authenticated users to obtain sensitive information via vectors related to the "schema DB2 instance id" and the bcgarchive (aka the archiver script).

Sat, 23 May 09
java_system_communications_express
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1729
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express 6 2005Q4 (aka 6.2) and 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the abperson_displayName parameter to uwc/abs/search.xml in the Add Contact implementation in the Personal Address Book component or (2) the temporaryCalendars parameter to uwc/base/UWCMain.

Sat, 23 May 09
profense_web_application_firewall
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1594
Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the "positive model," which allows remote attackers to bypass certain protection mechanisms via a %0A (encoded newline), as demonstrated by a %0A in a cross-site scripting (XSS) attack URL.

Sat, 23 May 09
profense_web_application_firewall
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1593
Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the "negative model," which allows remote attackers to conduct cross-site scripting (XSS) attacks via a modified end tag of a SCRIPT element.

Sat, 23 May 09
CVE-2009-1161 (ciscoworks_common_services, ciscoworks_health_and_utilization_monitor, ciscoworks...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1161
Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors.

Fri, 22 May 09
pinnacle_studio
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1744
InstallHFZ.exe 6.5.201.0 in Pinnacle Hollywood Effects 6, a module in Pinnacle Systems Pinnacle Studio 12, allows remote attackers to cause a denial of service (application crash) via a crafted Hollywood FX Compressed Archive (.hfz) file.

Fri, 22 May 09
pinnacle_studio
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1743
Directory traversal vulnerability in InstallHFZ.exe 6.5.201.0 in Pinnacle Hollywood Effects 6, a module in Pinnacle Systems Pinnacle Studio 12, allows remote attackers to create and overwrite arbitrary files via a filename containing a ..\ (dot dot backslash) sequence in a Hollywood FX Compressed Archive (.hfz) file. NOTE: this can be leveraged for code execution by decompressing a file to a Startup folder. NOTE: some of these details are obtained from third party information.

Fri, 22 May 09
pc4_uploader
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1742
code.php in PC4Arb Pc4 Uploader 9.0 and earlier makes it easier for remote attackers to conduct SQL injection attacks via crafted keyword sequences that are removed from a filter in the id parameter in a banner action, as demonstrated via the "UNIunionON" string, which is collapsed into "UNION" by the filter_sql function.

Fri, 22 May 09
dm_filemanager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1741
Multiple SQL injection vulnerabilities in login.php in DM FileManager 3.9.2, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields.

Fri, 22 May 09
mpeg4_viewer_activex_control
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1740
Multiple heap-based buffer overflows in the D-Link MPEG4 Viewer ActiveX Control (csviewer.ocx) 2.11.918.2006 allow remote attackers to execute arbitrary code via a long argument to the (1) SetFilePath and (2) SetClientCookie methods. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Fri, 22 May 09
pad_site_scripts
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1739
PAD Site Scripts 3.6 allows remote attackers to bypass authentication and gain privileges as other users, including administrative privileges, by setting the authuser cookie parameter to a valid username.

Fri, 22 May 09
feed_block
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1738
Cross-site scripting (XSS) vulnerability in Feed Block 6.x-1.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with administrator feed permissions to inject arbitrary web script or HTML via unspecified vectors in "aggregator items."

Thu, 21 May 09
mypic
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1737
Directory traversal vulnerability in bom.php in MyPic 2.1 allows remote attackers to list files in arbitrary directories via a .. (dot dot) in the dir parameter.

Thu, 21 May 09
com_gsticketsystem
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1736
SQL injection vulnerability in the GridSupport (GS) Ticket System (com_gsticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewCategory action to index.php.

Thu, 21 May 09
vidsharepro
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1735
Cross-site scripting (XSS) vulnerability in search.php in VidSharePro allows remote attackers to inject arbitrary web script or HTML via the searchtxt parameter. NOTE: some of these details are obtained from third party information.

Thu, 21 May 09
vidsharepro
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1734
SQL injection vulnerability in listing_video.php in VidSharePro allows remote attackers to execute arbitrary SQL commands via the catid parameter.

Thu, 21 May 09
ipplan
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1733
Cross-site request forgery (CSRF) vulnerability in IPplan 4.91a allows remote attackers to hijack the authentication of administrators for requests that (1) change the password, (2) add users, or (3) delete users via unknown vectors.

Thu, 21 May 09
ipplan
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1732
Cross-site scripting (XSS) vulnerability in admin/usermanager in IPplan 4.91a allows remote attackers to inject arbitrary web script or HTML via the grp parameter.

Thu, 21 May 09
mlffat
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1731
SQL injection vulnerability in panel/index.php in MLFFAT 2.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded supervisor cookie.

Thu, 21 May 09
netdecision_tftp_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1730
Multiple directory traversal vulnerabilities in NetMechanica NetDecision TFTP Server 4.2 allow remote attackers to read or modify arbitrary files via directory traversal sequences in the (1) GET or (2) PUT command.

Thu, 21 May 09
system_management_homepage
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1418
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 3.0.1.73 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Thu, 21 May 09
openssl
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1379
Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate.

Thu, 21 May 09
openssl
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1378
Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."

Thu, 21 May 09
openssl
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1377
The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug."

Thu, 21 May 09
ntp
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1252
Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field.

Wed, 20 May 09
bitweaver
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1678
Directory traversal vulnerability in the saveFeed function in rss/feedcreator.class.php in Bitweaver 2.6 and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the version parameter to boards/boards_rss.php.

Wed, 20 May 09
bitweaver
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1677
Multiple static code injection vulnerabilities in the saveFeed function in rss/feedcreator.class.php in Bitweaver 2.6 and earlier allow (1) remote authenticated users to inject arbitrary PHP code into files by placing PHP sequences into the account's "display name" setting and then invoking boards/boards_rss.php, and might allow (2) remote attackers to inject arbitrary PHP code into files via the HTTP Host header in a request to boards/boards_rss.php.

Wed, 20 May 09
iis
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1676
The WebDAV implementation in Microsoft Internet Information Services (IIS) 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a "/protected/" initial pathname component to bypass the password protection on the protected\ folder.

Wed, 20 May 09
32bit_ftp
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1675
Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows remote FTP servers to execute arbitrary code via a long 227 reply to a PASV command.

Wed, 20 May 09
mplab_ide
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1674
Stack-based buffer overflow in Microchip MPLAB IDE 8.30 allows user-assisted remote attackers to execute arbitrary code via a long .cof pathname in a [TOOL_SETTINGS] section in a .mcp file, possibly a related issue to CVE-2009-1608.

Wed, 20 May 09
solaris
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1673
The kernel in Sun Solaris 9 allows local users to cause a denial of service (panic) by calling fstat with a first argument of AT_FDCWD.

Wed, 20 May 09
jre
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1672
The Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allows remote attackers to (1) execute arbitrary code via a .jnlp URL in the argument to the launch method, and might allow remote attackers to launch JRE installation processes via the (2) installLatestJRE or (3) installJRE method.

Wed, 20 May 09
jre
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1671
Multiple buffer overflows in the Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allow remote attackers to execute arbitrary code via a long string argument to the (1) setInstallerType, (2) setAdditionalPackages, (3) compareVersion, (4) getStaticCLSID, or (5) launch method.

Wed, 20 May 09
tcpdb
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1670
user/index.php in TCPDB 3.8 does not require administrative authentication, which allows remote attackers to add admin accounts via unspecified vectors. NOTE: some of these details are obtained from third party information.

Wed, 20 May 09
smarty
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1669
The smarty_function_math function in libs/plugins/function.math.php in Smarty 2.6.22 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the equation attribute of the math function. NOTE: some of these details are obtained from third party information.

Wed, 20 May 09
typsoft_ftp_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1668
TYPSoft FTP Server 1.11 allows remote attackers to cause a denial of service (CPU consumption) by sending an ABOR (abort) command without an active file transfer.

Wed, 20 May 09
castripper
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1667
Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows remote attackers to execute arbitrary code via a crafted .m3u file.

Wed, 20 May 09
cycloscopelite
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1666
Multiple unspecified vulnerabilities in CycloMedia CycloScopeLite 2.50.3.0 allow remote attackers to execute arbitrary code via the ReturnConnection method in (1) CM_ADOConnection.dll, (2) CM_AddressInfoDBC.dll, and (3) CM_RecordingLocationDBC.dll, related to improper dereferencing. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Wed, 20 May 09
remote_graphics_software
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0721
Unspecified vulnerability in Easy Login in the Sender module in HP Remote Graphics Software (RGS) 4.0.0 through 5.2.4 allows remote attackers to execute arbitrary code via unknown vectors.

Tue, 19 May 09
answer_and_question_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1665
myaccount.php in Easy Scripts Answer and Question Script allows remote attackers to remove arbitrary user accounts via a modified userid parameter without specifying any additional fields.

Tue, 19 May 09
answer_and_question_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1664
myaccount.php in Easy Scripts Answer and Question Script does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via modified userid, txtpassword, and txtRpassword parameters.

Tue, 19 May 09
answer_and_question_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1663
Unrestricted file upload vulnerability in myaccount.php in Easy Scripts Answer and Question Script allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads/[username] directory.

Tue, 19 May 09
recipe_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1662
Multiple SQL injection vulnerabilities in admin/login.php in Wright Way Services Recipe Script 5 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) Password fields, as reachable from admin/index.php.

Tue, 19 May 09
utopic
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1661
SQL injection vulnerability in admin/utopic.php in uTopic 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the rating parameter to index.php.

Tue, 19 May 09
viplay3
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1660
Stack-based buffer overflow in URUWorks ViPlay3 3.0 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long file entry in a .vpl file.

Tue, 19 May 09
elitius
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1659
Unrestricted file upload vulnerability in admin/uploadimage.php in eLitius 1.0 allows remote attackers to bypass intended access restrictions and upload and execute arbitrary files via an avatar file with an accepted Content-Type such as image/gif, then requesting the file in admin/banners/.

Tue, 19 May 09
realty_web-base
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1658
Multiple SQL injection vulnerabilities in admin/admin.php in Realty Webware Technologies Realty Web-Base 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) user (username) and (2) password parameters. NOTE: some of these details are obtained from third party information.

Tue, 19 May 09
starrating_plugin
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1657
Multiple SQL injection vulnerabilities in the Starrating plugin before 0.7.7 for b2evolution allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

Tue, 19 May 09
e-commerce_plugin
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6811
Unrestricted file upload vulnerability in image_processing.php in the e-Commerce Plugin 3.4 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/plugins/wp-shopping-cart/.

Tue, 19 May 09
booking_system_for_hotels_group
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6810
Multiple SQL injection vulnerabilities in admin/checklogin.php in Venalsur Booking Centre Booking System for Hotels Group 2.01 allow remote attackers to execute arbitrary SQL commands via the (1) myusername (username) and (2) password parameters. NOTE: some of these details are obtained from third party information.

Tue, 19 May 09
booking_system_for_hotels_group
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6809
SQL injection vulnerability in hotel_habitaciones.php in Venalsur Booking Centre Booking System for Hotels Group 2.01 allows remote attackers to execute arbitrary SQL commands via the HotelID parameter.

Tue, 19 May 09
workcentre
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1656
Xerox WorkCentre and WorkCentre Pro 232, 238, 245, 255, 265, 275; and WorkCentre 5632, 5638, 5645, 5655, 5665, 5675, 5687, 7655, 7656, and 7675 allow remote attackers to execute arbitrary commands via unknown attack vectors, aka "command injection vulnerability."

Tue, 19 May 09
answer_and_question_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1655
Multiple SQL injection vulnerabilities in myaccount.php in Easy Scripts Answer and Question Script allow remote authenticated users to execute arbitrary SQL commands via the (1) user name (userid parameter) and (2) password.

Tue, 19 May 09
answer_and_question_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1654
Cross-site scripting (XSS) vulnerability in questiondetail.php in Easy Scripts Answer and Question Script allows remote attackers to inject arbitrary web script or HTML via the questionid parameter.

Tue, 19 May 09
tinybutstrong
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1653
Directory traversal vulnerability in examples/tbs_us_examples_0view.php in TinyButStrong 3.4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the script parameter.

Tue, 19 May 09
business_community_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1652
admin/adminaddeditdetails.php in Business Community Script does not properly restrict access, which allows remote attackers to gain privileges and add administrators via a direct request.

Tue, 19 May 09
business_community_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1651
SQL injection vulnerability in admin/member_details.php in 2daybiz Business Community Script allows remote attackers to execute arbitrary SQL commands via the mid parameter.

Tue, 19 May 09
shutter
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1650
Multiple SQL injection vulnerabilities in photos.php in Shutter 0.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) albumID, (2) tagID, and (3) photoID parameters to index.html.

Tue, 19 May 09
belive
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1649
Directory traversal vulnerability in arch.php in beLive 0.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the arch parameter.

Sat, 16 May 09
popcorn
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1647
Heap-based buffer overflow in popcorn.exe in Ultrafunk Popcorn 1.87 allows remote POP3 servers to cause a denial of service (application crash) via a long string in a +OK response. NOTE: some of these details are obtained from third party information.

Sat, 16 May 09
mini-stream_rm_downloader
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1646
Stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9 allows remote attackers to execute arbitrary code via a long rtsp URL in a .ram file.

Sat, 16 May 09
easy_rm-mp3_converter
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1645
Multiple stack-based buffer overflows in Mini-stream Easy RM-MP3 Converter 3.0.0.7 allow remote attackers to execute arbitrary code via (1) a long rtsp URL in a .ram file and (2) a long string in the HREF attribute of a REF element in a .asx file.

Sat, 16 May 09
streaming_audio_player
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1644
Stack-based buffer overflow in Sorinara Streaming Audio Player 0.9 allows remote attackers to execute arbitrary code via a crafted .pla file.

Sat, 16 May 09
soritong_mp3_player
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1643
Stack-based buffer overflow in Sorinara Soritong MP3 Player 1.0 allows remote attackers to execute arbitrary code via a crafted .m3u file.

Sat, 16 May 09
mini-stream_to_mp3_converter
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1642
Multiple stack-based buffer overflows in Mini-stream ASX to MP3 Converter 3.0.0.7 allow remote attackers to execute arbitrary code via (1) a long rtsp URL in a .ram file and (2) a long string in the HREF attribute of a REF element in a .asx file.

Sat, 16 May 09
mini-stream_rm_downloader
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1641
Multiple stack-based buffer overflows in Mini-stream Ripper 3.0.1.1 allow remote attackers to execute arbitrary code via (1) a long rtsp URL in a .ram file and (2) a long string in the HREF attribute of a REF element in a .asx file.

Sat, 16 May 09
kernel_recovery
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1640
Stack-based buffer overflow in Nucleus Data Recovery Kernel Recovery for Macintosh 4.04 allows user-assisted attackers to execute arbitrary code via a crafted .AMHH file.

Sat, 16 May 09
kernel_recovery
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1639
Stack-based buffer overflow in Nucleus Data Recovery Kernel Recovery for Novell 4.03 allows user-assisted attackers to execute arbitrary code via a crafted .NKNT file.

Sat, 16 May 09
job_career_package
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1638
Techno Dreams Job Career Package 3.0 allows remote attackers to bypass authentication and obtain administrative access by setting the JobCareerAdmin cookie to Login.

Sat, 16 May 09
simple_customer
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1637
profile.php in Simple Customer 1.3 does not require administrative authentication, which allows remote attackers to change the admin e-mail address and password via the email and password parameters.

Sat, 16 May 09
cyrus-sasl
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0688
Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c.

Sat, 16 May 09
ipsec-tools
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1632
Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) signature verification during user authentication with X.509 certificates, related to the eay_check_x509sign function in src/racoon/crypto_openssl.c; and (2) the NAT-Traversal (aka NAT-T) keepalive implementation, related to src/racoon/nattraversal.c.

Sat, 16 May 09
evolution
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1631
The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by reading these files.

Sat, 16 May 09
kernel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1630
The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver.

Sat, 16 May 09
ajaxterm
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1629
ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with predictable random numbers based on certain JavaScript functions, which makes it easier for remote attackers to (1) hijack a session or (2) cause a denial of service (session ID exhaustion) via a brute-force attack.

Sat, 16 May 09
squirrelmail
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1581
functions/mime.php in SquirrelMail before 1.4.18 does not protect the application's content from Cascading Style Sheets (CSS) positioning in HTML e-mail messages, which allows remote attackers to spoof the user interface, and conduct cross-site scripting (XSS) and phishing attacks, via a crafted message.

Sat, 16 May 09
squirrelmail
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1580
Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie.

Sat, 16 May 09
squirrelmail
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1579
The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.18 allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program.

Sat, 16 May 09
squirrelmail
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1578
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.4.18 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) certain encrypted strings in e-mail headers, related to contrib/decrypt_headers.php; (2) PHP_SELF; and (3) the query string (aka QUERY_STRING).

Sat, 16 May 09
a-a-s
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1466
Application Access Server (A-A-S) 2.0.48 stores (1) passwords and (2) the port keyword in cleartext in aas.ini, which allows local users to obtain sensitive information by reading this file.

Sat, 16 May 09
application_access_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1465
Application Access Server (A-A-S) 2.0.48 has "wildbat" as its default password for the admin account, which makes it easier for remote attackers to obtain access.

Sat, 16 May 09
a-a-s_application_access_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1464
Multiple cross-site request forgery (CSRF) vulnerabilities in index.aas in Application Access Server (A-A-S) 2.0.48 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary programs via a command job, (2) stop services via a setservice job, or (3) terminate processes via a killprocess job.

Sat, 16 May 09
data_protector_express
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0714
Unspecified vulnerability in HP Data Protector Express and Express SSE 3.x before build 47065, and Express and Express SSE 4.x before build 46537, allows local users to gain privileges or cause a denial of service via unknown vectors.

Fri, 15 May 09
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0945
WebKit, as used in Safari before 3.2.3 and 4 Public Beta, on Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 and Windows allows remote attackers to execute arbitrary code via a crafted SVGList object that triggers memory corruption.

Fri, 15 May 09
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0944
The Microsoft Office Spotlight Importer in Spotlight in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not properly validate Microsoft Office files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a file that triggers memory corruption.

Fri, 15 May 09
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0943
Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that HTML pathnames are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files.

Fri, 15 May 09
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0942
Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that certain Cascading Style Sheets (CSS) are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files.

Fri, 15 May 09
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0162
Cross-site scripting (XSS) vulnerability in Safari before 3.2.3, and 4 Public Beta, on Apple Mac OS X 10.5 before 10.5.7 and Windows allows remote attackers to inject arbitrary web script or HTML via a crafted feed: URL.

Fri, 15 May 09
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0161
The OpenSSL::OCSP module for Ruby in Apple Mac OS X 10.5 before 10.5.7 misinterprets an unspecified invalid response as a successful OCSP certificate validation, which might allow remote attackers to spoof certificate authentication via a revoked certificate.

Fri, 15 May 09
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0160
QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image that triggers memory corruption.

Fri, 15 May 09
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0158
Stack-based buffer overflow in telnet in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long hostname for a telnet server.

Fri, 15 May 09
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0157
Heap-based buffer overflow in CFNetwork in Apple Mac OS X 10.5 before 10.5.7 allows remote web servers to execute arbitrary code or cause a denial of service (application crash) via long HTTP headers.

Fri, 15 May 09
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0156
Launch Services in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to cause a denial of service (persistent Finder crash) via a crafted Mach-O executable that triggers an out-of-bounds memory read.

Fri, 15 May 09
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0155
Integer underflow in CoreGraphics in Apple Mac OS X 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers a heap-based buffer overflow.

Fri, 15 May 09
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0154
Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code via a crafted Compact Font Format (CFF) font.

Fri, 15 May 09
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0153
International Components for Unicode (ICU) in Apple Mac OS X 10.5 before 10.5.7 does not properly handle invalid byte sequences during Unicode conversion, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.

Fri, 15 May 09
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0152
iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL Instant Messenger (AIM) communication in certain circumstances that are inconsistent with the Require SSL setting, which allows remote attackers to obtain sensitive information by sniffing the network.

Fri, 15 May 09
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0150
Stack-based buffer overflow in Apple Mac OS X 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image.

Fri, 15 May 09
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0149
Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image that triggers memory corruption.

Fri, 15 May 09
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0145
CoreGraphics in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers memory corruption.

Fri, 15 May 09
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0144
CFNetwork in Apple Mac OS X 10.5 before 10.5.7 does not properly parse noncompliant Set-Cookie headers, which allows remote attackers to obtain sensitive information by sniffing the network for "secure cookies" that are sent over unencrypted HTTP connections.

Fri, 15 May 09
mac_os_x
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0010
Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image that triggers a heap-based buffer overflow.

Fri, 15 May 09
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1517
The kernel in Apple Mac OS X 10.5 before 10.5.7 does not properly check indexes during the handling of workqueues, which allows local users to gain privileges or cause a denial of service (system shutdown) via unspecified vectors.

Thu, 14 May 09
office_powerpoint
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1137
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-0227.

Thu, 14 May 09
office_powerpoint
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1131
Multiple stack-based buffer overflows in Microsoft Office PowerPoint 2000 SP3 allow remote attackers to execute arbitrary code via a large amount of data associated with unspecified atoms in a PowerPoint file that triggers memory corruption, aka "Data Out of Bounds Vulnerability."

Thu, 14 May 09
office_powerpoint
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1130
Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a malformed structure value in a PowerPoint file that triggers memory corruption, aka "Heap Corruption Vulnerability."

Thu, 14 May 09
office_powerpoint
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1129
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to memory corruption, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1128.

Thu, 14 May 09
office_powerpoint
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1128
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to memory corruption, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1129.

Thu, 14 May 09
office_powerpoint
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0227
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-1137.

Thu, 14 May 09
office_powerpoint
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0226
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0227, and CVE-2009-1137.

Thu, 14 May 09
office_powerpoint
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0225
Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to improper "array indexing" and memory corruption, aka "PP7 Memory Corruption Vulnerability."

Thu, 14 May 09
CVE-2009-0224 (compatibility_pack_word_excel_powerpoint, office_compatibility_pack_for_word_exce...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0224
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; PowerPoint Viewer 2003 and 2007 SP1 and SP2; PowerPoint in Microsoft Office 2004 for Mac and 2008 for Mac; Open XML File Format Converter for Mac; Microsoft Works 8.5 and 9.0; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly validate list records in PowerPoint files, which allows remote attackers to execute arbitrary code via a crafted file that ...

Thu, 14 May 09
office_powerpoint
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0223
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137.

Thu, 14 May 09
office_powerpoint
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0222
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to a "pointer overwrite" and memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0223, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137.

Thu, 14 May 09
office_powerpoint
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0221
Integer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via an invalid record type in a PowerPoint file that triggers memory corruption, aka "Integer Overflow Vulnerability."

Thu, 14 May 09
office_powerpoint
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0220
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted formatting data for paragraphs in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability."

Thu, 14 May 09
streaming_download_project
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1627
Stack-based buffer overflow in Streaming Download Project (SDP) Downloader 2.3.0 allows remote attackers to execute arbitrary code via a long .asf URL in the HREF attribute of a REF element in a .asx file.

Thu, 14 May 09
ez-blog
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1626
SQL injection vulnerability in public/specific.php in EZ-Blog before Beta 2 20090427, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the category parameter.

Thu, 14 May 09
thickbox_gallery
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1625
Directory traversal vulnerability in index.php in Thickbox Gallery 2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ln parameter.

Thu, 14 May 09
dew-newphplinks
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1624
Directory traversal vulnerability in index.php in Dew-NewPHPLinks 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the show parameter.

Thu, 14 May 09
dew-newphplinks
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1623
Cross-site scripting (XSS) vulnerability in index.php in Dew-NewPHPLinks 2.0 allows remote attackers to inject arbitrary web script or HTML via the PID parameter.

Thu, 14 May 09
ecshop
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1622
SQL injection vulnerability in user.php in EcShop 2.5.0 allows remote attackers to execute arbitrary SQL commands via the order_sn parameter in an order_query action.

Thu, 14 May 09
opencart
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1621
Directory traversal vulnerability in index.php in OpenCart 1.1.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the route parameter.

Wed, 13 May 09
matachat
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1620
Multiple cross-site scripting (XSS) vulnerabilities in input.php in MataChat allow remote attackers to inject arbitrary web script or HTML via the (1) nickname and (2) color parameters.

Wed, 13 May 09
filestream
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1619
Teraway FileStream 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the twFSadmin cookie to 1.

Wed, 13 May 09
livehelp
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1618
Teraway LiveHelp 2.0 allows remote attackers to bypass authentication and gain administrative access via a pwd=&lvl=1&usr=&alias=admin&userid=1 value for the TWLHadmin cookie.

Wed, 13 May 09
linktracker
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1617
Teraway LinkTracker 1.0 allows remote attackers to bypass authentication and gain administrative access via a userid=1&lvl=1 value for the twLTadmin cookie.

Wed, 13 May 09
ez_link_directory
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6808
SQL injection vulnerability in links.php in Scripts for Sites (SFS) EZ Link Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.

Wed, 13 May 09
osprey
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6807
PHP remote file inclusion vulnerability in ListRecords.php in osprey 1.0a4.1 allows remote attackers to execute arbitrary PHP code via a URL in the xml_dir parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the lib_dir vector is already covered by CVE-2006-6630.

Wed, 13 May 09
7shop
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6806
Unrestricted file upload vulnerability in includes/imageupload.php in 7Shop 1.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/artikel/.

Wed, 13 May 09
coppermine_photo_gallery
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1616
Cross-site scripting (XSS) vulnerability in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via the css parameter, a different vector than CVE-2008-0505.

Wed, 13 May 09
leap
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1615
Unrestricted file upload vulnerability in Leap CMS 0.1.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via an admin.system.files (aka Manage Files) request to the default URI, then accessing the file via a direct request.

Wed, 13 May 09
leap
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1614
Multiple cross-site scripting (XSS) vulnerabilities in Leap CMS 0.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the msg parameter (aka the message in an article comment) or (2) the searchterm parameter (aka the search post form). NOTE: some of these details are obtained from third party information.

Wed, 13 May 09
leap_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1613
Multiple SQL injection vulnerabilities in leap.php in Leap CMS 0.1.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) searchterm or (2) email parameter.

Wed, 13 May 09
storm
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1612
Stack-based buffer overflow in the MPS.StormPlayer.1 ActiveX control in mps.dll 3.9.4.27 in Baofeng Storm allows remote attackers to execute arbitrary code via a long argument to the OnBeforeVideoDownload method. NOTE: some of these details are obtained from third party information.

Wed, 13 May 09
mic_blog
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6805
Multiple SQL injection vulnerabilities in Mic_Blog 0.0.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to category.php, the (2) user parameter to login.php, and the (3) site parameter to register.php.

Wed, 13 May 09
tribiq_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6804
** DISPUTED ** Tribiq CMS 5.0.9a beta allows remote attackers to bypass authentication and gain administrative access by setting the COOKIE_LAST_ADMIN_USER and COOKIE_LAST_ADMIN_LANG cookies. NOTE: a third party reports that the vendor disputes the existence of this issue.

Wed, 13 May 09
dizi_portali
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6803
SQL injection vulnerability in diziler.asp in Yigit Aybuga Dizi Portali allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Wed, 13 May 09
32bit_ftp
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1611
Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows remote FTP servers to execute arbitrary code via a long 257 reply to a CWD command.

Wed, 13 May 09
job_script_job_board_software
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1610
admin/changepassword.php in Job Script Job Board Software 2.0 allows remote attackers to change the administrator password and gain administrator privileges via a direct request.

Wed, 13 May 09
battle_blog
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1609
Unrestricted file upload vulnerability in admin/uploadform.asp in Battle Blog 1.25 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file.

Wed, 13 May 09
mplab_ide
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1608
Multiple buffer overflows in Microchip MPLAB IDE 8.30 and possibly earlier versions allow user-assisted remote attackers to execute arbitrary code via a .MCP project file with long (1) FILE_INFO, (2) CAT_FILTERS, and possibly other fields.

Wed, 13 May 09
linkbase
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1607
Cross-site scripting (XSS) vulnerability in the administrator panel in phpForm.net LinkBase 2.0 allows remote attackers to inject arbitrary web script or HTML via the username in a registration, which is not properly handled when the administrator accesses the Users menu.

Wed, 13 May 09
dafolocontrol
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1606
Multiple stack-based and heap-based buffer overflows in Dafolo DafoloControl ActiveX control (DafoloFFControl.dll) 1.108.6.195 allow remote attackers to execute arbitrary code via long (1) baseurl, (2) kommune, (3) felter, (4) afdeling, (5) Flags, (6) HelpURL, (7) caburl, or (8) filename properties; or (9) a long argument to the Open method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Wed, 13 May 09
sumatrapdf
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1605
Heap-based buffer overflow in the loadexponentialfunc function in mupdf/pdf_function.c in MuPDF in the mupdf-20090223-win32 package, as used in SumatraPDF 0.9.3 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF file. NOTE: some of these details are obtained from third party information.

Wed, 13 May 09
limesurvey
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1604
Unspecified vulnerability in LimeSurvey before 1.82 allows remote attackers to execute commands and obtain sensitive data via unknown attack vectors related to /admin/remotecontrol/.

Wed, 13 May 09
opensc, pkcs_11_library
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1603
src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted.

Wed, 13 May 09
CVE-2009-1602
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1602
Pablo Software Solutions Quick 'n Easy Mail Server 3.3 allows remote attackers to cause a denial of service (daemon outage or CPU consumption) via multiple long SMTP commands, as demonstrated by HELO commands.

Wed, 13 May 09
linux
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1601
The Ubuntu clamav-milter.init script in clamav-milter before 0.95.1+dfsg-1ubuntu1.2 in Ubuntu 9.04 sets the ownership of the current working directory to the clamav account, which might allow local users to bypass intended access restrictions via read or write operations involving this directory.

Wed, 13 May 09
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1600
Apple Safari executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's positio...

Wed, 13 May 09
opera
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1599
Opera executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a...

Wed, 13 May 09
chrome
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1598
Google Chrome executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's positi...

Tue, 12 May 09
firefox
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1597
Mozilla Firefox executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's posi...

Tue, 12 May 09
pango
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1194
Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as demonstrated by a long document.location value in Firefox.

Tue, 12 May 09
garmin_communicator_plugin
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0194
The domain-locking implementation in the GARMINAXCONTROL.GarminAxControl_t.1 ActiveX control in npGarmin.dll in the Garmin Communicator Plug-In 2.6.4.0 does not properly enforce the restrictions that (1) download and (2) upload requests come from a web site specified by the user, which allows remote attackers to obtain sensitive information or reconfigure Garmin GPS devices via unspecified vectors related to a "synchronisation error."

Tue, 12 May 09
openfire
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1596
Ignite Realtime Openfire before 3.6.5 does not properly implement the register.password (aka canChangePassword) console configuration setting, which allows remote authenticated users to bypass intended policy and change their own passwords via a passwd_change IQ packet.

Tue, 12 May 09
openfire
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1595
The jabber:iq:auth implementation in IQAuthHandler.java in Ignite Realtime Openfire before 3.6.4 allows remote authenticated users to change the passwords of arbitrary accounts via a modified username element in a passwd_change action.

Tue, 12 May 09
32bit_ftp
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1592
Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows remote FTP servers to execute arbitrary code via a long banner. NOTE: this might overlap CVE-2003-1368.

Tue, 12 May 09
cgi_web_mailer
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1591
CRLF injection vulnerability in CGI RESCUE Web Mailer before 1.04 allows remote attackers to inject arbitrary HTTP headers, and conduct cross-site scripting (XSS) or HTTP response splitting attacks, via CRLF sequences in an unspecified web form.

Tue, 12 May 09
form2mail
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1590
Unspecified vulnerability in CGI RESCUE FORM2MAIL before 1.42 allows remote attackers to send email to arbitrary recipients via a web form.

Tue, 12 May 09
cgi_rescue_minibbs22
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1589
Unspecified vulnerability in CGI RESCUE MiniBBS22 before 1.01 allows remote attackers to send email to arbitrary recipients via unknown vectors.

Tue, 12 May 09
cgi_rescue_minibbs
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1588
Cross-site scripting (XSS) vulnerability in CGI RESCUE MiniBBS 8t before 8.95t, 8 before 8.95, 9 before 9.08, and 10 before 10.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Sat, 9 May 09
php_site_lock
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1587
index.php in PHP Site Lock 2.0 allows remote attackers to bypass authentication and obtain administrative access by setting the login_id, group_id, login_name, user_id, and user_type cookies to certain values.

Sat, 9 May 09
grabit
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1586
Stack-based buffer overflow in the NZB importer feature in GrabIt 1.7.2 Beta 3 and earlier allows remote attackers to execute arbitrary code via a crafted DTD reference in a DOCTYPE element in an NZB file.

Sat, 9 May 09
tematres
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1585
Multiple SQL injection vulnerabilities in TemaTres 1.031, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id_correo_electronico and (2) id_password parameters to login.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Sat, 9 May 09
tematres
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1584
Multiple SQL injection vulnerabilities in TemaTres 1.0.3 and 1.031, when magic_quotes_gpc is disabled, allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) mail, (2) password, and (3) letra parameters to index.php; (4) y and (5) m parameters to sobre.php; and the (6) dcTema, (7) madsTema, (8) zthesTema, (9) skosTema, and (10) xtmTema parameters to xml.php.

Sat, 9 May 09
tematres
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1583
Multiple cross-site scripting (XSS) vulnerabilities in TemaTres 1.0.3 and 1.031 allow remote attackers to inject arbitrary web script or HTML via the (1) search form; (2) _expresion_de_busqueda, (3) letra, (4) estado_id, and (5) tema parameters to index.php; the (6) PATH_INFO to index.php; and the (7) y, (8) ord, and (9) m parameters to sobre.php.

Sat, 9 May 09
million_dollar_text_links
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1582
Million Dollar Text Links 1.0 does not properly restrict administrator access to admin.home.php, which allows remote attackers to bypass intended restrictions and gain privileges via a direct request to admin.home.php after visiting admin.php.

Sat, 9 May 09
phphotogallery
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6802
Multiple SQL injection vulnerabilities in index.php in phPhotoGallery 0.92 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Sat, 9 May 09
vivvo
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6801
Cross-site request forgery (CSRF) vulnerability in Vivvo CMS before 4.0.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Sat, 9 May 09
samba
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6800
Race condition in the winbind daemon (aka winbindd) in Samba before 3.0.32 allows attackers to cause a denial of service (crash) via unspecified vectors related to an "unresponsive" child process.

Sat, 9 May 09
flashchat
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6799
connection.php in FlashChat 5.0.8 allows remote attackers to bypass the role filter mechanism and gain administrative privileges by setting the s parameter to "7."

Sat, 9 May 09
pre_real_estate_listings
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6798
Multiple SQL injection vulnerabilities in login.php in Pre Projects Pre Real Estate Listings allow remote attackers to execute arbitrary SQL commands via (1) the us parameter (aka the Username field) or (2) the ps parameter (aka the Password field).

Sat, 9 May 09
mitel_nupoint_messenger
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6797
The server in Mitel NuPoint Messenger R11 and R3 sends usernames and passwords in cleartext to Exchange servers, which allows remote attackers to obtain sensitive information by sniffing the network.

Fri, 8 May 09
cscope
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1577
Multiple stack-based buffer overflows in the putstring function in find.c in Cscope before 15.6 allow user-assisted remote attackers to execute arbitrary code via a long (1) function name or (2) symbol in a source-code file.

Fri, 8 May 09
chrome
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1442
Multiple integer overflows in Skia, as used in Google Chrome 1.x before 1.0.154.64 and 2.x, and possibly Android, might allow remote attackers to execute arbitrary code in the renderer process via a crafted (1) image or (2) canvas.

Fri, 8 May 09
chrome
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1441
Heap-based buffer overflow in the ParamTraits<SkBitmap>::Read function in Google Chrome before 1.0.154.64 allows attackers to leverage renderer access to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to a large bitmap that arrives over the IPC channel.

Fri, 8 May 09
pre_real_estate_listings
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6796
SQL injection vulnerability in manager/login.php in Pre Projects Pre Real Estate Listings allows remote attackers to execute arbitrary SQL commands via the username1 parameter (aka the Admin field or Username field).

Fri, 8 May 09
vibro-school-cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6795
SQL injection vulnerability in view_news.php in nicLOR Vibro-School-CMS allows remote attackers to execute arbitrary SQL commands via the nID parameter.

Fri, 8 May 09
fsf_ex_pub
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6794
SQL injection vulnerability in directory.php in Scripts For Sites (SFS) EZ Pub Site allows remote attackers to execute arbitrary SQL commands via the cat parameter.

Fri, 8 May 09
ptk
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6793
The get_file_type function in lib/file_content.php in DFLabs PTK 0.1, 0.2, and 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters after an arg1= sequence in a filename within a forensic image.

Fri, 8 May 09
linux
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6792
system-tools-backends before 2.6.0-1ubuntu1.1 in Ubuntu 8.10, as used by "Users and Groups" in GNOME System Tools, hashes account passwords with 3DES and consequently limits effective password lengths to eight characters, which makes it easier for context-dependent attackers to successfully conduct brute-force password attacks.

Fri, 8 May 09
drupal
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1576
Unspecified vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11, as used in vbDrupal before 5.17.0, allows user-assisted remote attackers to obtain sensitive information by tricking victims into visiting the front page of the site with a crafted URL and causing form data to be sent to an attacker-controlled site, possibly related to multiple / (slash) characters that are not properly handled by includes/bootstrap.inc, as demonstrated using the search box. NOTE: this vulnerability can...

Fri, 8 May 09
drupal
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1575
Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11, as used in vbDrupal before 5.17.0, allows remote attackers to inject arbitrary web script or HTML via crafted UTF-8 byte sequences before the Content-Type meta tag, which are treated as UTF-7 by Internet Explorer 6 and 7.

Fri, 8 May 09
ipsec-tools
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1574
racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference.

Fri, 8 May 09
debian_linux, fedora, xvfb-run
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1573
xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems places the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments.

Fri, 8 May 09
CVE-2009-1572
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1572
The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error.

Fri, 8 May 09
wrt54gc
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1561
Cross-site request forgery (CSRF) vulnerability in administration.cgi on the Cisco Linksys WRT54GC router with firmware 1.05.7 allows remote attackers to hijack the intranet connectivity of arbitrary users for requests that change the administrator password via the sysPasswd and sysConfirmPasswd parameters.

Fri, 8 May 09
wvc54gc
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1560
The Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 stores passwords and wireless-network keys in cleartext in (1) pass_wd.htm and (2) Wsecurity.htm, which allows remote attackers to obtain sensitive information by reading the HTML source code.

Fri, 8 May 09
firmware
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1559
Absolute path traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R24 and possibly 1.00R22 allows remote attackers to read arbitrary files via an absolute pathname in the this_file parameter. NOTE: traversal via a .. (dot dot) is probably also possible.

Fri, 8 May 09
firmware
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1558
Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter.

Fri, 8 May 09
firmware
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1557
Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allow remote attackers to inject arbitrary web script or HTML via the next_file parameter to (1) main.cgi, (2) img/main.cgi, or (3) adm/file.cgi; or (4) the this_file parameter to adm/file.cgi.

Fri, 8 May 09
firmware
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1556
img/main.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote authenticated users to read arbitrary files in img/ via a filename in the next_file parameter, as demonstrated by reading .htpasswd to obtain the admin password, a different vulnerability than CVE-2004-2507.

Fri, 8 May 09
firmware
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1555
The Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 sends configuration data in response to a Setup Wizard remote-management command, which allows remote attackers to obtain sensitive information such as passwords by reading the SetupWizard.exe process memory, a related issue to CVE-2008-4390.

Fri, 8 May 09
woodstock
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1554
Cross-site scripting (XSS) vulnerability in ThemeServlet.java in Sun Woodstock 4.2, as used in Sun GlassFish Enterprise Server and other products, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 string in the PATH_INFO, which is displayed on the 404 error page, as demonstrated by the PATH_INFO to theme/META-INF.

Fri, 8 May 09
glassfish_enterprise_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1553
Multiple cross-site scripting (XSS) vulnerabilities in the Admin Console in Sun GlassFish Enterprise Server 2.1 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) applications/applications.jsf, (2) configuration/configuration.jsf, (3) customMBeans/customMBeans.jsf, (4) resourceNode/resources.jsf, (5) sysnet/registration.jsf, or (6) webService/webServicesGeneral.jsf; or the name parameter to (7) configuration/auditModuleEdit.jsf, (8) configuration/httpLis...

Fri, 8 May 09
unixware
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1552
Unspecified vulnerability in the IGMP driver in SCO Unixware Release 7.1.4 Maintenance Pack 4 allows attackers to cause a denial of service (system panic) via unspecified vectors.

Thu, 7 May 09
quickteam
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1551
Multiple PHP remote file inclusion vulnerabilities in Qt quickteam 2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) qte_web_path parameter to qte_web.php and the (2) qte_root parameter to bin/qte_init.php.

Thu, 7 May 09
abs_advertise
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1550
Zakkis Technology ABC Advertise 1.0 does not properly restrict access to admin.inc.php, which allows remote attackers to obtain the administrator login name and password via a direct request.

Thu, 7 May 09
agtc_myshop
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1549
AGTC MyShop 3.2b allows remote attackers to bypass authentication and obtain administrative access by setting the log_accept cookie to "correcto".

Thu, 7 May 09
blusky_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1548
SQL injection vulnerability in index.php in BluSky CMS allows remote attackers to execute arbitrary SQL commands via the news_id parameter in a read action.

Thu, 7 May 09
kernel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1527
Race condition in the ptrace_attach function in kernel/ptrace.c in the Linux kernel before 2.6.30-rc4 allows local users to gain privileges via a PTRACE_ATTACH ptrace call during an exec system call that is launching a setuid application, related to locking an incorrect cred_exec_mutex object.

Thu, 7 May 09
directadmin
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1526
JBMC Software DirectAdmin before 1.334 allows local users to create or overwrite any file via a symlink attack on an arbitrary file in a certain temporary directory, related to a request for this temporary file in the PATH_INFO to the CMD_DB script during a backup action.

Thu, 7 May 09
directadmin
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1525
CMD_DB in JBMC Software DirectAdmin before 1.334 allows remote authenticated users to gain privileges via shell metacharacters in the name parameter during a restore action.

Thu, 7 May 09
email_server, webmail_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1469
CRLF injection vulnerability in the Forgot Password implementation in server/webmail.php in IceWarp eMail Server and WebMail Server before 9.4.2 makes it easier for remote attackers to trick a user into disclosing credentials via CRLF sequences preceding a Reply-To header in the subject element of an XML document, as demonstrated by triggering an e-mail message from the server that contains a user's correct credentials, and requests that the user compose a reply that includes this message.

Thu, 7 May 09
email_server, webmail_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1468
Multiple SQL injection vulnerabilities in the search form in server/webmail.php in the Groupware component in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) sql and (2) order_by elements in an XML search query.

Thu, 7 May 09
webmail_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1467
Multiple cross-site scripting (XSS) vulnerabilities in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the body of a message, related to the email view and incorrect HTML filtering in the cleanHTML function in server/inc/tools.php; or the (2) title, (3) link, or (4) description element in an RSS feed, related to the getHTML function in server/inc/rss/item.php.

Thu, 7 May 09
kernel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1184
The selinux_ip_postroute_iptables_compat function in security/selinux/hooks.c in the SELinux subsystem in the Linux kernel before 2.6.27.22, and 2.6.28.x before 2.6.28.10, when compat_net is enabled, omits calls to avc_has_perm for the (1) node and (2) port, which allows local users to bypass intended restrictions on network traffic. NOTE: this was incorrectly reported as an issue fixed in 2.6.27.21.

Thu, 7 May 09
groupshield
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1491
McAfee GroupShield for Microsoft Exchange on Exchange Server 2000, and possibly other anti-virus or anti-spam products from McAfee or other vendors, does not scan X- headers for malicious content, which allows remote attackers to bypass virus detection via a crafted message, as demonstrated by a message with an X-Testing header and no message body.

Thu, 7 May 09
sendmail
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1490
Heap-based buffer overflow in Sendmail before 8.13.2 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long X- header, as demonstrated by an X-Testing header.

Thu, 7 May 09
jetty
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1524
Cross-site scripting (XSS) vulnerability in Mort Bay Jetty before 6.1.17 allows remote attackers to inject arbitrary web script or HTML via a directory listing request containing a ; (semicolon) character.

Thu, 7 May 09
jetty
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1523
Directory traversal vulnerability in the HTTP server in Mort Bay Jetty before 6.1.17, and 7.0.0.M2 and earlier 7.x versions, allows remote attackers to access arbitrary files via directory traversal sequences in the URI.

Thu, 7 May 09
tivoli_storage_manager_client
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1522
The IBM Tivoli Storage Manager (TSM) client 5.5.0.0 through 5.5.1.17 on AIX and Windows, when SSL is used, allows remote attackers to conduct unspecified man-in-the-middle attacks and read arbitrary files via unknown vectors.

Thu, 7 May 09
tivoli_storage_manager_client, tivoli_storage_manager_express
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1521
Unspecified vulnerability in the Java GUI in the IBM Tivoli Storage Manager (TSM) client 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.5, 5.4.0.0 through 5.4.2.6, and 5.5.0.0 through 5.5.1.17, and the TSM Express client 5.3.3.0 through 5.3.6.5, allows attackers to read or modify arbitrary files via unknown vectors.

Thu, 7 May 09
tivoli_storage_manager_client, tivoli_storage_manager_express
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1520
Buffer overflow in the Web GUI in the IBM Tivoli Storage Manager (TSM) client 5.1.0.0 through 5.1.8.2, 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.4, 5.4.0.0 through 5.4.2.6, and 5.5.0.0 through 5.5.1.17 allows attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors.

Thu, 7 May 09
openview_network_node_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0720
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via unknown vectors.

Thu, 7 May 09
cscope
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0148
Multiple buffer overflows in Cscope before 15.7a allow remote attackers to execute arbitrary code via (1) long pathnames, (2) long source-code strings, and other vectors.

Thu, 7 May 09
tivoli_storage_manager_client, tivoli_storage_manager_express
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4828
Multiple stack-based buffer overflows in dsmagent.exe in the Remote Agent Service in the IBM Tivoli Storage Manager (TSM) client 5.1.0.0 through 5.1.8.2, 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.4, and 5.4.0.0 through 5.4.1.96, and the TSM Express client 5.3.3.0 through 5.3.6.4, allow remote attackers to execute arbitrary code via (1) a request packet that is not properly parsed by an unspecified "generic string handling function" or (2) a crafted NodeName in a dicuGetIdentifyRequest re...

Wed, 6 May 09
pecio_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1519
Directory traversal vulnerability in index.php in Pecio CMS 1.1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the language parameter.

Wed, 6 May 09
beltane
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1518
Cross-site request forgery (CSRF) vulnerability in Beltane before 2.3.11 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Wed, 6 May 09
pumpkin
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6791
PumpKIN TFTP Server 2.7.2.0 allows remote attackers to cause a denial of service via a write request with a long mode field.

Wed, 6 May 09
photo_gallery
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6790
The admin module in MindDezign Photo Gallery 2.2 allows remote attackers to add administrative users and gain privileges via a modified username parameter in an edit account action to index.php.

Wed, 6 May 09
photo_gallery
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6789
SQL injection vulnerability in MindDezign Photo Gallery 2.2 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action to the admin module in index.php, a different vector than CVE-2008-6788.

Wed, 6 May 09
photo_gallery
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6788
SQL injection vulnerability in MindDezign Photo Gallery 2.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in an info action to index.php.

Wed, 6 May 09
norton_ghost
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1517
Multiple insecure method vulnerabilities in the Symantec.EasySetup.1 ActiveX control in EasySetupInt.dll 14.0.4.30167 in the EasySetup wizard in Symantec Norton Ghost 14.0 allow remote attackers to cause a denial of service (browser crash) and possibly execute arbitrary code via unspecified input to the (1) GetBackupLocationPath, (2) CallUninstall, (3) SetupDeleteVolume, (4) CanUseEasySetup, (5) CallAddInitialProtection, and (6) CallTour methods.

Wed, 6 May 09
merak_mail_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1516
Stack-based buffer overflow in the IceWarpServer.APIObject ActiveX control in api.dll in IceWarp Merak Mail Server 9.4.1 might allow context-dependent attackers to execute arbitrary code via a large value in the second argument to the Base64FileEncode method, as possibly demonstrated by a web application that accepts untrusted input for this method.

Wed, 6 May 09
file
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1515
Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c in Christos Zoulas file 5.00 allows user-assisted remote attackers to execute arbitrary code via a crafted compound document file, as demonstrated by a .msi, .doc, or .mpp file. NOTE: some of these details are obtained from third party information.

Wed, 6 May 09
chrome
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1514
Google Chrome 1.0.154.53 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a throw statement with a long exception value.

Wed, 6 May 09
libmodplug
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1513
Buffer overflow in the PATinst function in src/load_pat.cpp in libmodplug before 0.8.7 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long instrument name.

Wed, 6 May 09
x-forum
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1512
Static code injection vulnerability in X-Forum 0.6.2 allows remote authenticated administrators to inject arbitrary PHP code into Config.php via the adminEMail parameter to SaveConfig.php.

Wed, 6 May 09
windows_xp
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1511
GDI+ in Microsoft Windows XP SP3 allows remote attackers to cause a denial of service (infinite loop) via a PNG file that contains a certain large btChunkLen value.

Wed, 6 May 09
koschtit_image_gallery
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1510
Multiple directory traversal vulnerabilities in KoschtIT Image Gallery 1.82 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the file parameter to (1) ki_makepic.php and (2) ki_nojsdisplayimage.php in ki_base/.

Wed, 6 May 09
ajaxportal
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1509
SQL injection vulnerability in ajaxp_backend.php in MyioSoft AjaxPortal 3.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.

Wed, 6 May 09
x-forum
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1508
SQL injection vulnerability in the xforum_validateUser function in Common.php in X-Forum 0.6.2 allows remote attackers to execute arbitrary SQL commands, as demonstrated via the cookie_username parameter to Configure.php.

Wed, 6 May 09
lizardware_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6787
SQL injection vulnerability in administrator/index.php in Lizardware CMS 0.6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the user.

Wed, 6 May 09
geekigeeki
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6786
Multiple directory traversal vulnerabilities in geekigeeki.py in GeekiGeeki before 3.0 allow remote attackers to read arbitrary files via directory traversal sequences in a pagename argument in the (1) handle_edit and (2) handle_raw functions.

Wed, 6 May 09
mini_file_host
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6785
Unrestricted file upload vulnerability in Mini File Host 1.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as demonstrated by creating a name.php file.

Mon, 4 May 09
nodeaccess_userreference
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1507
The Node Access User Reference module 5.x before 5.x-2.0-beta4 and 6.x before 6.x-2.0-beta6, a module for Drupal, interprets an empty CCK user reference as a reference to the anonymous user, which might allow remote attackers to bypass intended access restrictions to read or modify a node.

Mon, 4 May 09
elitius
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1506
SQL injection vulnerability in classes/Xp.php in eLitius 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to banner-details.php.

Mon, 4 May 09
news_page
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1505
SQL injection vulnerability in the News Page module 5.x before 5.x-1.2, a module for Drupal, allows remote attackers with News Page node create and edit privileges to execute arbitrary SQL commands via the Include Words field (keywords parameter).

Mon, 4 May 09
absolute_control_panel_xe
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1504
Absolute Form Processor XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the xlaAFPadmin cookie to "lvl=1&userid=1".

Mon, 4 May 09
tigerdms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1503
Multiple SQL injection vulnerabilities in login.php in Tiger Document Management System (DMS) allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.

Mon, 4 May 09
s-cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1502
Directory traversal vulnerability in plugin.php in S-Cms 1.1 Stable and 1.5.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter.

Mon, 4 May 09
exif
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1501
Cross-site scripting (XSS) vulnerability in the Exif module 5.x-1.x before 5.x-1.2 and 6.x-1.x-dev before April 13, 2009, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via EXIF tags in an image.

Mon, 4 May 09
projectcms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1500
SQL injection vulnerability in index.php in ProjectCMS 1.0 Beta allows remote attackers to execute arbitrary SQL commands via the sn parameter.

Mon, 4 May 09
flash_media_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1365
Unspecified vulnerability in Adobe Flash Media Server (FMS) before 3.0.4 and 3.5.x before 3.5.2, as used in Flash Media Interactive Server and Flash Media Streaming Server, allows remote attackers to execute arbitrary remote procedures within an ActionScript file on the server via RPC requests.

Mon, 4 May 09
libwmf
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1364
Use-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file.

Mon, 4 May 09
ez_adult_directory
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6784
SQL injection vulnerability in directory.php in Scripts For Sites (SFS) EZ Adult Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.

Mon, 4 May 09
ez_home_business_directory
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6783
SQL injection vulnerability in directory.php in Sites for Scripts (SFS) EZ Home Business Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.

Mon, 4 May 09
ez_hosting_directory
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6782
SQL injection vulnerability in directory.php in Sites for Scripts (SFS) EZ Hosting Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.

Mon, 4 May 09
ez_gaming_directory
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6781
SQL injection vulnerability in directory.php in Sites for Scripts (SFS) Gaming Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.

Mon, 4 May 09
ez_affiliate
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6780
SQL injection vulnerability in directory.php in Scripts for Sites (SFS) SFS EZ Affiliate allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.

Mon, 4 May 09
sarkilar
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6779
SQL injection vulnerability in the Sarkilar module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a showcontent action to modules.php.

Mon, 4 May 09
ez_auction
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6778
SQL injection vulnerability in viewfaqs.php in Scripts for Sites (SFS) EZ Auction allows remote attackers to execute arbitrary SQL commands via the cat parameter.

Mon, 4 May 09
myphp_forum
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6777
Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a confirm action, the (2) user parameter in a newconfirm action, and (3) reqpwd action to member.php; and the (4) quote parameter in a post action and (5) pid parameter in an edit action to post.php, different vectors than CVE-2005-0413.2 and CVE-2007-6667.

Mon, 4 May 09
ez_hot_or_not
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6776
SQL injection vulnerability in viewcomments.php in Scripts For Sites (SFS) EZ Hot or Not allows remote attackers to execute arbitrary SQL commands via the phid parameter.

Mon, 4 May 09
com_mailto
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1499
SQL injection vulnerability in the MailTo (aka com_mailto) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in index.php. NOTE: SecurityFocus states that this issue has been disputed by the vendor.

Mon, 4 May 09
idb
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1498
Directory traversal vulnerability in inc/profilemain.php in Game Maker 2k Internet Discussion Boards (iDB) 0.2.5 Pre-Alpha SVN 243 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin parameter in a settings action to profile.php.

Mon, 4 May 09
gom_player
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1497
Stack-based buffer overflow in srt2smi.exe in Gretech Online Movie Player (GOM Player) 2.1.16.4635 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long string in an SRT file.

Mon, 4 May 09
cmimarketplace
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1496
Directory traversal vulnerability in the Cmi Marketplace (com_cmimarketplace) component 0.1 for Joomla! allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php.

Mon, 4 May 09
web_file_explorer
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1495
Web File Explorer 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/db.mdb.

Mon, 4 May 09
htc_touch_cruise, htc_touch_pro
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6775
HTC Touch Pro and HTC Touch Cruise vCard allows remote attackers to cause a denial of service (CPU consumption, SMS consumption, and connectivity loss) via a flood of vCards to UDP port 9204.

Mon, 4 May 09
firefox
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1313
The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2009-1302.

Mon, 4 May 09
memcached
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1494
The process_stat function in Memcached 1.2.8 discloses memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain potentially sensitive information by sending this command to the daemon's TCP port.

Mon, 4 May 09
acrobat, acrobat_reader
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1493
The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 8.1.4 and 9.1 on Linux allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that triggers a call to this method with a long string in the second argument.

Mon, 4 May 09
acrobat, acrobat_reader
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1492
The getAnnots Doc method in the JavaScript API in Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that contains an annotation, and has an OpenAction entry with JavaScript code that calls this method with crafted integer arguments.

Mon, 4 May 09
foswiki
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1434
Cross-site request forgery (CSRF) vulnerability in Foswiki before 1.0.5 allows remote attackers to hijack the authentication of arbitrary users for requests that modify pages, change permissions, or change group memberships, as demonstrated by a URL for a (1) save or (2) view script in the SRC attribute of an IMG element, a related issue to CVE-2009-1339.

Mon, 4 May 09
antivirus, client_security, endpoint_protection, endpoint_protection_protection
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1432
Symantec Reporting Server, as used in Symantec AntiVirus (SAV) Corporate Edition 10.1 before 10.1 MR8 and 10.2 before 10.2 MR2, Symantec Client Security (SCS) before 3.1 MR8, and the Symantec Endpoint Protection Manager (SEPM) component in Symantec Endpoint Protection (SEP) before 11.0 MR2, allows remote attackers to inject arbitrary text into the login screen, and possibly conduct phishing attacks, via vectors involving a URL that is not properly handled.

Mon, 4 May 09
gnutls
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1417
gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup.

Mon, 4 May 09
gnutls
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1416
lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key.

Mon, 4 May 09
gnutls
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1415
lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free.

Mon, 4 May 09
CVE-2009-1348 (active_virus_defense, active_virusscan, email_gateway, internet_security_suite, s...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1348
The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive.

Mon, 4 May 09
CVE-2009-1341 (0.94, libdbd-pg-perl)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1341
Memory leak in the dequote_bytea function in quote.c in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.0.0 for Perl allows context-dependent attackers to cause a denial of service (memory consumption) by fetching data with BYTEA columns.

Mon, 4 May 09
twiki
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1339
Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the SRC attribute of an IMG element, a related issue to CVE-2009-1434.

Mon, 4 May 09
apport, ubuntu
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1295
Apport before 0.108.4 on Ubuntu 8.04 LTS, before 0.119.2 on Ubuntu 8.10, and before 1.0-0ubuntu5.2 on Ubuntu 9.04 does not properly remove files from the application's crash-report directory, which allows local users to delete arbitrary files via unspecified vectors.

Mon, 4 May 09
enterprise_message_service, rtworks, smartsockets_rtserver
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1291
Stack-based buffer overflow in TIBCO SmartSockets before 6.8.2, SmartSockets Product Family (aka RTworks) before 4.0.5, and Enterprise Message Service (EMS) 4.0.0 through 5.1.1, as used in SmartSockets Server and RTworks Server (aka RTserver), SmartSockets client libraries and add-on products, RTworks libraries and components, EMS Server (aka tibemsd), SmartMQ, iProcess Engine, ActiveMatrix products, and CA Enterprise Communicator, allows remote attackers to execute arbitrary code via "inboun...

Mon, 4 May 09
memcached
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1255
The process_stat function in (1) Memcached before 1.2.8 and (2) MemcacheDB 1.2.0 discloses (a) the contents of /proc/self/maps in response to a stats maps command and (b) memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain sensitive information such as the locations of memory regions, and defeat ASLR protection, by sending a command to the daemon's TCP port.

Mon, 4 May 09
CVE-2009-0663 (dbd::pg)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0663
Heap-based buffer overflow in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module 1.49 for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to read database rows.

Mon, 4 May 09
fungamez
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1489
includes/user.php in Fungamez RC1 allows remote attackers to bypass authentication and gain administrative access by setting the user cookie parameter.

Mon, 4 May 09
fungamez
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1488
Directory traversal vulnerability in admin/load.php in FunGamez RC1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter to index.php.

Mon, 4 May 09
fungamez
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1487
SQL injection vulnerability in pages/login.php in FunGamez RC1 allows remote attackers to execute arbitrary SQL commands via the login_user (aka username) parameter. NOTE: some of these details are obtained from third party information.

Mon, 4 May 09
flatchat
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1486
Directory traversal vulnerability in pmscript.php in Flatchat 3.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the with parameter.

Mon, 4 May 09
emule_plus
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1485
The logging feature in eMule Plus before 1.2e allows remote attackers to cause a denial of service (infinite loop) via unspecified attack vectors.

Mon, 4 May 09
axigen_mail_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1484
Cross-site scripting (XSS) vulnerability in the web mail interface feature in AXIGEN Mail Server 6.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving e-mail messages. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Mon, 4 May 09
address_book
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1483
Unrestricted file upload vulnerability in upload-file.php in Adam Patterson Studio Lounge Address Book 2.5, as reachable from index2.php, allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in profiles/.

Mon, 4 May 09
moinmoin
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1482
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260.

Mon, 4 May 09
puterjams_blog
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1481
SQL injection vulnerability in action.asp in PuterJam's Blog (PJBlog3) 3.0.6.170 allows remote attackers to execute arbitrary SQL commands via the cname parameter in a checkAlias action, as exploited in the wild in April 2009. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Mon, 4 May 09
pragyan_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1480
SQL injection vulnerability in index.php in Pragyan CMS 2.6.4 allows remote attackers to execute arbitrary SQL commands via the fileget parameter in a view action and other unspecified vectors.

Mon, 4 May 09
yourplace
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6774
internettoolbar/edit.php in YourPlace 1.0.2 and earlier does not end execution when an invalid username is detected, which allows remote attackers to bypass intended restrictions and edit toolbar settings via an invalid username. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Mon, 4 May 09
yourplace
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6773
Static code injection vulnerability in user/internettoolbar/edit.php in YourPlace 1.0.2 and earlier allows remote authenticated users to execute arbitrary PHP code into user/internettoolbar/index.php via the (1) fav1_url, (2) fav1_name, (3) fav2_url, (4) fav2_name, (5) fav3_url, (6) fav3_name, (7) fav4_url, (8) fav4_name, (9) fav5_url, or (10) fav5_name parameters.

Mon, 4 May 09
yourplace
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6772
login/register_form.php in YourPlace 1.0.2 and earlier does not check that a username already exists when a new account is created, which allows remote attackers to bypass intended access restrictions by registering a new account with the username of a target user.

Mon, 4 May 09
yourplace
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6771
YourPlace 1.0.2 and earlier allows remote attackers to obtain sensitive system information via a direct request to user/uploads/phpinfo.php, which calls the phpinfo function.

Mon, 4 May 09
yourplace
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6770
YourPlace 1.0.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain a database containing user credentials via a direct request for users.txt.

Mon, 4 May 09
yourplace
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6769
Unrestricted file upload vulnerability in upload.php in YourPlace 1.0.2 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file.

Mon, 4 May 09
k&s_shopsoftware
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6768
Unrestricted file upload vulnerability in admin/editor/images.php in K&S Shopsoftware allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/upload/.

Mon, 4 May 09
opensolaris
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1478
Multiple unspecified vulnerabilities in the DTrace ioctl handlers in Sun Solaris 10, and OpenSolaris before snv_114, allow local users to cause a denial of service (panic) via unknown vectors.

Mon, 4 May 09
CVE-2009-1431 (antivirus, antivirus_central_quarantine_server, client_security, endpoint_protect...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1431
XFR.EXE in the Intel File Transfer service in the console in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allows remote attackers to execute ...

Mon, 4 May 09
CVE-2009-1430 (antivirus, antivirus_central_quarantine_server, client_security, endpoint_protect...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1430
Multiple stack-based buffer overflows in IAO.EXE in the Intel Alert Originator Service in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allow ...

Mon, 4 May 09
CVE-2009-1429 (antivirus, antivirus_central_quarantine_server, client_security, endpoint_protect...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1429
The Intel LANDesk Common Base Agent (CBA) in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allows remote attackers to execute arbitrary comman...

Mon, 4 May 09
antivirus, endpoint_protection, norton_360, norton_internet_security
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1428
Multiple cross-site scripting (XSS) vulnerabilities in ccLgView.exe in the Symantec Log Viewer, as used in Symantec AntiVirus (SAV) before 10.1 MR8, Symantec Endpoint Protection (SEP) 11.0 before 11.0 MR1, Norton 360 1.0, and Norton Internet Security 2005 through 2008, allow remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, related to "two parsing errors."

Mon, 4 May 09
hp-ux
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0719
Unspecified vulnerability in useradd in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to access arbitrary files and directories via unknown vectors, a different issue than CVE-2008-1660.

 
