Software Vulnerability

 

Wed, 30 Sep 09
netvault
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3448
npvmgr.exe in BakBone NetVault Backup 8.22 Build 29 allows remote attackers to cause a denial of service (daemon crash) via a packet to (1) TCP or (2) UDP port 20031 with a large value in an unspecified size field, which is not properly handled in a malloc operation. NOTE: some of these details are obtained from third party information.

Fri, 25 Sep 09
com_hbssearch
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3368
Cross-site scripting (XSS) vulnerability in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the adult parameter in a showhoteldetails action to index.php.

Fri, 25 Sep 09
sznews
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3362
PHP remote file inclusion vulnerability in printnews.php3 in SZNews 2.7 allows remote attackers to execute arbitrary PHP code via a URL in the id parameter.

Fri, 25 Sep 09
php-ipnmonitor
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3361
SQL injection vulnerability in index.php in PHP-IPNMonitor allows remote attackers to execute arbitrary SQL commands via the maincat_id parameter.

Fri, 25 Sep 09
datemill
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3360
Multiple cross-site scripting (XSS) vulnerabilities in Datemill 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) return parameter to photo_view.php, and st parameter to (2) photo_search.php and (3) search.php.

Fri, 25 Sep 09
match_agency_biz
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3359
Multiple cross-site scripting (XSS) vulnerabilities in Match Agency BiZ 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) important parameter to edit_profile.php and (2) pid parameter to report.php.

Fri, 25 Sep 09
adult_portal_escort_listing
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3358
SQL injection vulnerability in profile.php in Tourism Scripts Adult Portal escort listing allows remote attackers to execute arbitrary SQL commands via the user_id parameter.

Fri, 25 Sep 09
com_hbssearch
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3357
Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) h_id, (2) id, and (3) rid parameters to longDesc.php, and the h_id parameter to (4) detail.php, (5) detail1.php, (6) detail2.php, (7) detail3.php, (8) detail4.php, (9) detail5.php, (10) detail6.php, (11) detail7.php, and (12) detail8.php, different vectors than CVE-2008-5865, CVE-2008-5874, and CVE-...

Fri, 25 Sep 09
image_voting
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3356
SQL injection vulnerability in index.php in Image voting 1.0 allows remote attackers to execute arbitrary SQL commands via the show parameter.

Fri, 25 Sep 09
buy_dating_site
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3355
Cross-site scripting (XSS) vulnerability in profile.php in Datetopia Buy Dating Site 1.0 allows remote attackers to inject arbitrary web script or HTML via the s_r parameter.

Fri, 25 Sep 09
rest_api_module
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3354
Multiple unspecified vulnerabilities in the Rest API module for Drupal have unknown impact and attack vectors.

Fri, 25 Sep 09
node2node
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3353
Multiple unspecified vulnerabilities in the Node2Node module for Drupal have unknown impact and attack vectors.

Fri, 25 Sep 09
quota_by_role
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3352
Multiple unspecified vulnerabilities in the quota_by_role (Quota by role) module for Drupal have unknown impact and attack vectors.

Fri, 25 Sep 09
node_browser_module
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3351
Multiple unspecified vulnerabilities in the Node Browser module for Drupal have unknown impact and attack vectors.

Fri, 25 Sep 09
subdomain_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3350
Multiple unspecified vulnerabilities in the Subdomain Manager module for Drupal have unknown impact and attack vectors.

Fri, 25 Sep 09
gyro
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3349
SQL injection vulnerability in Datavore Gyro 5.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter in a cat action to the home component.

Fri, 25 Sep 09
gyro
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3348
Cross-site scripting (XSS) vulnerability in Datavore Gyro 5.0 allows remote attackers to inject arbitrary web script or HTML via the cid parameter in a cat action to the home component.

Fri, 25 Sep 09
dir-400
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3347
Buffer overflow on the D-Link DIR-400 wireless router allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.10 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.

Fri, 25 Sep 09
crystal_reports_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3346
Unspecified vulnerability in SAP Crystal Reports Server 2008 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.

Fri, 25 Sep 09
crystal_reports_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3345
Heap-based buffer overflow in SAP Crystal Reports Server 2008 has unknown impact and attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.

Fri, 25 Sep 09
crystal_reports_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3344
Unspecified vulnerability in SAP Crystal Reports Server 2008 on Windows XP allows attackers to cause a denial of service (infinite loop) via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.

Fri, 25 Sep 09
hotweb_rentals
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3343
SQL injection vulnerability in details.asp in HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PropId parameter.

Fri, 25 Sep 09
com_alphauserpoints
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3342
SQL injection vulnerability in frontend/assets/ajax/checkusername.php in the AlphaUserPoints (com_alphauserpoints) component 1.5.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the username2points parameter.

Fri, 25 Sep 09
wrt54gl
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3341
Buffer overflow on the Linksys WRT54GL wireless router allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.10 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.

Fri, 25 Sep 09
freesshd
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3340
Unspecified vulnerability in FreeSSHD 1.2.4 allows remote attackers to cause a denial of service via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.

Fri, 25 Sep 09
email_and_web_security_appliance
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3339
Unspecified vulnerability in McAfee Email and Web Security Appliance 5.1 VMtrial allows remote attackers to read arbitrary files via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.9 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.

Fri, 25 Sep 09
magic_morph
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3338
Stack-based buffer overflow in EffectMatrix (E.M.) Magic Morph 1.95b allows remote attackers to execute arbitrary code via a long string in a .mor file.

Fri, 25 Sep 09
serendipity_freetag-plugin
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3337
SQL injection vulnerability in the Freetag (serendipity_event_freetag) plugin before 3.09 for Serendipity (S9Y) allows remote attackers to execute arbitrary SQL commands via an unspecified parameter associated with Meta keywords in a blog entry.

Fri, 25 Sep 09
CVE-2009-3336
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3336
SQL injection vulnerability in auction_details.php in PHP Pro Bid allows remote attackers to execute arbitrary SQL commands via the auction_id parameter.

Fri, 25 Sep 09
turtushout
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3335
SQL injection vulnerability in the TurtuShout component 0.11 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Name field.

Fri, 25 Sep 09
CVE-2009-2680 (storageworks_1/8_g2_tape_autoloader, storageworks_msl2024_tape_library, storagewo...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2680
Unspecified vulnerability in the Remote Management Interface (RMI) for MSL Tape Libraries and 1/8 G2 Tape Autoloaders in HP StorageWorks 1/8 G2 Tape Autoloader firmware 2.30 and earlier, MSL2024 Tape Library firmware 4.20 and earlier, MSL4048 Tape Library firmware 6.50 and earlier, and MSL8096 Tape Library firmware 8.90 and earlier allows remote attackers to cause a denial of service via unknown vectors.

Thu, 24 Sep 09
com_jinc
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3334
SQL injection vulnerability in the Lhacky! Extensions Cave Joomla! Integrated Newsletters Component (aka JINC or com_jinc) component 0.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a messages action to index.php.

Thu, 24 Sep 09
com_koesubmit
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3333
PHP remote file inclusion vulnerability in koesubmit.php in the koeSubmit (com_koesubmit) component 1.0 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Thu, 24 Sep 09
com_jbudgetsmagic
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3332
SQL injection vulnerability in the JBudgetsMagic (com_jbudgetsmagic) component 0.3.2 through 0.4.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the bid parameter in a mybudget action to index.php.

Thu, 24 Sep 09
ddl_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3331
Multiple PHP remote file inclusion vulnerabilities in DDL CMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the wwwRoot parameter to (1) header.php, (2) submit.php, (3) submitted.php, and (4) autosubmitter/index.php.

Thu, 24 Sep 09
cp_creator
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3330
SQL injection vulnerability in index.php in cP Creator 2.7.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the tickets parameter in a support ticket action.

Thu, 24 Sep 09
winplot
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3329
Stack-based buffer overflow in Winplot 1.25.0.1 allows user-assisted remote attackers to execute arbitrary code via a crafted Plot2D (.wp2) file.

Thu, 24 Sep 09
wx-guestbook
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3328
Cross-site scripting (XSS) vulnerability in sign.php in WX-Guestbook 1.1.208 allows remote attackers to inject arbitrary web script or HTML via the sName parameter (aka the name field). NOTE: some of these details are obtained from third party information.

Thu, 24 Sep 09
wx-guestbook
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3327
Multiple SQL injection vulnerabilities in WX-Guestbook 1.1.208 allow remote attackers to execute arbitrary SQL commands via the (1) QUERY parameter to search.php and (2) USERNAME parameter to login.php. NOTE: some of these details are obtained from third party information.

Thu, 24 Sep 09
cmscontrol
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3326
SQL injection vulnerability in index.php in CMScontrol Content Management System 7.x allows remote attackers to execute arbitrary SQL commands via the id_menu parameter.

Thu, 24 Sep 09
com_surveymanager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3325
SQL injection vulnerability in the Focusplus Developments Survey Manager (com_surveymanager) component 1.5.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the stype parameter in an editsurvey action to index.php.

Thu, 24 Sep 09
prodler
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3324
PHP remote file inclusion vulnerability in include/prodler.class.php in ProdLer 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sPath parameter.

Thu, 24 Sep 09
barosmini
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3323
Multiple PHP remote file inclusion vulnerabilities in BAnner ROtation System mini (BAROSmini) 0.32.595 allow remote attackers to execute arbitrary PHP code via a URL in the baros_path parameter to (1) include/common_functions.php, and the main_path parameter to (2) lib_users.php, (3) lib_stats.php, and (4) lib_slots.php in include/lib/.

Thu, 24 Sep 09
gigaset_se361_wlan_router
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3322
The Siemens Gigaset SE361 WLAN router allows remote attackers to cause a denial of service (device reboot) via a flood of crafted TCP packets to port 1723.

Thu, 24 Sep 09
saphplesson
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3321
SQL injection vulnerability in SaphpLesson 4.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the CLIENT_IP HTTP header.

Thu, 24 Sep 09
paolink
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3320
Cross-site scripting (XSS) vulnerability in scrivi.php in Zenas PaoLink (aka Pao-Link) 1.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

Thu, 24 Sep 09
dawaween
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3319
SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 allows remote attackers to execute arbitrary SQL commands via the id parameter in a sec list action, a different vector than CVE-2006-1018.

Thu, 24 Sep 09
com_album
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3318
Directory traversal vulnerability in the Roland Breedveld Album (com_album) component 1.14 for Joomla! allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php.

Thu, 24 Sep 09
opensiteadmin
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3317
PHP remote file inclusion vulnerability in pages/pageHeader.php in OpenSiteAdmin 0.9.7 BETA allows remote attackers to execute arbitrary PHP code via a URL in the path parameter, a different vector than CVE-2008-0648.

Thu, 24 Sep 09
com_jreservation
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3316
SQL injection vulnerability in the JReservation (com_jreservation) component 1.0 and 1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a propertycpanel action to index.php.

Thu, 24 Sep 09
nephp_publisher
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3315
SQL injection vulnerability in admin/index.php in NeLogic Nephp Publisher Enterprise 3.5.9 and 4.5 allows remote attackers to execute arbitrary SQL commands via the Username field.

Thu, 24 Sep 09
elite_gaming_ladders
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3314
SQL injection vulnerability in ladders.php in Elite Gaming Ladders 3.2 allows remote attackers to execute arbitrary SQL commands via the platform parameter.

Thu, 24 Sep 09
fmyclone
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3313
Multiple SQL injection vulnerabilities in FMyClone 2.3 allow remote attackers to execute arbitrary SQL commands via the comp parameter to (1) index.php and (2) editComments.php, and (3) allow remote authenticated administrators to execute arbitrary SQL commands via the id parameter in a comment action to edit.php.

Thu, 24 Sep 09
phppollscript
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3312
PHP remote file inclusion vulnerability in php/init.poll.php in phpPollScript 1.3 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a crafted URL in the include_class parameter.

Thu, 24 Sep 09
rssmediascript
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3311
Cross-site scripting (XSS) vulnerability in index.php in RSSMediaScript allows remote attackers to inject arbitrary web script or HTML via the page parameter.

Thu, 24 Sep 09
zainu
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3310
SQL injection vulnerability in index.php in Zainu 1.0 allows remote attackers to execute arbitrary SQL commands via the album_id parameter in an AlbumSongs action.

Thu, 24 Sep 09
cf_shopkart
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3309
SQL injection vulnerability in index.cfm in CF ShopKart 5.4 beta allows remote attackers to execute arbitrary SQL commands via the itemid parameter in a ViewDetails action, a different vector than CVE-2008-6320.

Thu, 24 Sep 09
fanupdate
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3308
SQL injection vulnerability in show-cat.php in FanUpdate 2.2.1 allows remote attackers to execute arbitrary SQL commands via the listingid parameter.

Thu, 24 Sep 09
fsphp
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3307
Multiple PHP remote file inclusion vulnerabilities in FSphp 0.2.1 allow remote attackers to execute arbitrary PHP code via a URL in the FSPHP_LIB parameter to (1) FSphp.php, (2) navigation.php, and (3) pathwrite.php in lib/.

Thu, 24 Sep 09
clearsite
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3306
PHP remote file inclusion vulnerability in include/header.php in ClearSite 4.50 allows remote attackers to execute arbitrary PHP code via a URL in the cs_base_path parameter.

Wed, 23 Sep 09
php
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3294
The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11, when running on certain Windows operating systems, allows context-dependent attackers to cause a denial of service (crash) via a crafted (1) "e" or (2) "er" string in the second argument (aka mode), possibly related to the _fdopen function in the Microsoft C runtime library. NOTE: this might not cross privilege boundaries except in rare cases in which the mode argument is accessible to an attacker outside of an application tha...

Wed, 23 Sep 09
php
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3293
Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect "sanity check for the color index."

Wed, 23 Sep 09
php
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3292
Unspecified vulnerability in PHP before 5.2.11 has unknown impact and attack vectors related to "missing sanity checks around exif processing."

Wed, 23 Sep 09
php
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3291
The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates.

Wed, 23 Sep 09
linux_kernel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3290
The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVM in the Linux kernel 2.6.25-rc1, and other versions before 2.6.31, when running on x86 systems, does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service (guest kernel crash) and read guest kernel memory via unspecified "random addresses."

Wed, 23 Sep 09
glib
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3289
The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory.

Wed, 23 Sep 09
linux_kernel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3288
The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel 2.6.28-rc1 through 2.6.31-rc8 uses an incorrect variable when accessing an array, which allows local users to cause a denial of service (kernel OOPS and NULL pointer dereference), as demonstrated by using xcdroast to duplicate a CD. NOTE: this is only exploitable by users who can open the cdrom device.

Wed, 23 Sep 09
thin
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3287
lib/thin/connection.rb in Thin web server before 1.2.4 relies on the X-Forwarded-For header to determine the IP address of the client, which allows remote attackers to spoof the IP address and hide activities via a modified X-Forwarded-For header.

Wed, 23 Sep 09
linux_kernel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3286
NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an O_EXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privileges, related to the execution of the do_open_permission function even when a create fails. That also explains why we don't see this problem with root...the permission check is always passing there (provided we're not root squashing).

Wed, 23 Sep 09
php_&_css_bbs, php_bbs, php_bbs_ce, php_image_capture_bbs, php_rss_builder, webshot
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3284
Directory traversal vulnerability in phpspot PHP BBS, PHP Image Capture BBS, PHP & CSS BBS, PHP BBS CE, PHP_RSS_Builder, and webshot, dated before 20090914, allows remote attackers to read arbitrary files via unspecified vectors.

Wed, 23 Sep 09
php_&_css_bbs, php_bbs, php_bbs_ce, php_image_capture_bbs, php_rss_builder, webshot
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3283
Cross-site scripting (XSS) vulnerability in phpspot PHP BBS, PHP Image Capture BBS, PHP & CSS BBS, PHP BBS CE, PHP_RSS_Builder, and webshot, dated before 20090914, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to cookies.

Sat, 19 Sep 09
shockwave_player
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3244
Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe ShockWave Player 11.5.1.601 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PlayerVersion property value.

Sat, 19 Sep 09
wireshark
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3243
Unspecified vulnerability in the TLS dissector in Wireshark 1.2.0 and 1.2.1, when running on Windows, allows remote attackers to cause a denial of service (application crash) via unknown vectors related to TLS 1.2 conversations.

Sat, 19 Sep 09
wireshark
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3242
Unspecified vulnerability in packet.c in the GSM A RR dissector in Wireshark 1.2.0 and 1.2.1 allows remote attackers to cause a denial of service (application crash) via unknown vectors related to "an uninitialized dissector handle," which triggers an assertion failure.

Sat, 19 Sep 09
wireshark
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3241
Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via malformed OPCUA Service CallRequest packets.

Sat, 19 Sep 09
xf-section
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3240
Cross-site scripting (XSS) vulnerability in the Happy Linux XF-Section module 1.12a for XOOPS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Sat, 19 Sep 09
CVE-2009-3239 (linux_desktop, openoffice.org, opensuse, suse_linux_enterprise_server)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3239
Buffer overflow in the EMF parser implementation in OpenOffice.org (OOo) in SUSE openSUSE 10.3 through 11.1, Novell Linux Desktop (NLD) 9, and SUSE Linux Enterprise (SLE) 10 and 11 has unknown impact and remote attack vectors, related to enhwmf.cxx and emfplus.cxx.

Sat, 19 Sep 09
kernel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3238
The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to "return the same value over and over again for long stretches of time."

Sat, 19 Sep 09
planet, planet_venus
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2937
Cross-site scripting (XSS) vulnerability in Planet 2.0 and Planet Venus allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IMG element in a feed.

Sat, 19 Sep 09
suse_linux_enterprise_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2707
Unspecified vulnerability in ia32el (aka the IA 32 emulation functionality) before 7042_7022-0.4.2 in SUSE Linux Enterprise (SLE) 10 SP2 on Itanium IA64 machines allows local users to cause a denial of service (system crash) via a 32-bit x86 application.

Sat, 19 Sep 09
kernel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1883
The z90crypt_unlocked_ioctl function in the z90crypt driver in the Linux kernel 2.6.9 does not perform a capability check for the Z90QUIESCE operation, which allows local users to leverage euid 0 privileges to force a driver outage.

Fri, 18 Sep 09
punbb
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7241
Cross-site request forgery (CSRF) vulnerability in PunBB before 1.2.17 allows remote attackers to hijack the authentication of unspecified users for requests related to a logout, probably a forced logout.

Fri, 18 Sep 09
php_user_base
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7240
Directory traversal vulnerability in include/unverified.inc.php in Linux Web Shop (LWS) php User Base 1.3beta allows remote attackers to include and execute arbitrary local files via the template parameter.

Fri, 18 Sep 09
groupware_webmail_edition, horde_application_framework, horde_groupware
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3237
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; allow remote attackers to inject arbitrary web script or HTML via the (1) crafted number preferences that are not properly handled in the preference system (services/prefs.php), as demonstrated by the sidebar_width parameter; or (2) crafted unknown MIME "te...

Fri, 18 Sep 09
application_framework, groupware, groupware_webmail_edition
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3236
Unspecified vulnerability in the form library in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; allows remote attackers, with privileges to write to the address book, to overwrite arbitrary files via crafted "image form fields."

Fri, 18 Sep 09
dovecot
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3235
Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.

Fri, 18 Sep 09
kernel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3234
Buffer overflow in the perf_copy_attr function in kernel/perf_counter.c in the Linux kernel 2.6.31-rc1 allows local users to cause a denial of service (crash) via a "big size data" to the perf_counter_open system call.

Fri, 18 Sep 09
changetrack
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3233
changetrack 4.3 allows local users to execute arbitrary commands via CRLF sequences and shell metacharacters in a filename in a directory that is checked by changetrack.

Fri, 18 Sep 09
debian_linux, ubuntu_linux
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3232
pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an "empty selection" for system authentication modules in certain rare configurations, which causes any attempt to be successful and allows remote attackers to bypass authentication.

Fri, 18 Sep 09
postgresql
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3231
The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password.

Fri, 18 Sep 09
postgresql
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3230
The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges. NOTE: this is due to an incomplete fix for CVE-2007-6600.

Fri, 18 Sep 09
postgresql
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3229
The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, and 8.2 before 8.2.14 allows remote authenticated users to cause a denial of service (backend shutdown) by "re-LOAD-ing" libraries from a certain plugins directory.

Thu, 17 Sep 09
cbauthority
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3205
SQL injection vulnerability in main.php in CBAuthority allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_product action.

Thu, 17 Sep 09
stiva_forum
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3204
Multiple cross-site scripting (XSS) vulnerabilities in Stiva Forum 1.0 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) demo.php and (2) forum.php, and the PATH_INFO to (3) include_forum.php.

Thu, 17 Sep 09
aj_auction_pro-oopd
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3203
SQL injection vulnerability in store.php in AJ Auction Pro OOPD 2.x allows remote attackers to execute arbitrary SQL commands via the id parameter.

Thu, 17 Sep 09
uloki_php_forum
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3202
Cross-site scripting (XSS) vulnerability in search.php in ULoKI PHP Forum 2.1 allows remote attackers to inject arbitrary web script or HTML via the term parameter.

Tue, 15 Sep 09
greensql_firewall
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7229
GreenSQL Firewall (greensql-fw) before 0.9.2 allows remote attackers to bypass SQL injection protection via a crafted string, possibly involving an encoded space character (%20).

Tue, 15 Sep 09
recipe_module
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7226
SQL injection vulnerability in index.php in the Recipes module 1.3, 1.4, and possibly other versions for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the recipeid parameter.

Tue, 15 Sep 09
elinks
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7224
Buffer overflow in entity_cache in ELinks before 0.11.4rc0 allows remote attackers to cause a denial of service (crash) via a crafted link.

Tue, 15 Sep 09
linpha
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7223
Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via (1) ftp/index.php, (2) viewer.php, (3) functions/other.php, (4) include/left_menu.class.php, or (5) plugins/stats/stats_view.php.

Tue, 15 Sep 09
runcms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7222
Cross-site scripting (XSS) vulnerability in system/admin.php in RunCMS 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the rank_title parameter in a RankForumAdd action.

Tue, 15 Sep 09
runcms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7221
Cross-site request forgery (CSRF) vulnerability in RunCMS 1.6.1 allows remote attackers to hijack the authentication of administrators for requests that (1) add new administrators or (2) modify user profiles via a crafted request to system/admin.php.

Sat, 12 Sep 09
gazelle_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3167
Directory traversal vulnerability in index.php in Anantasoft Gazelle CMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.

Sat, 12 Sep 09
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2800
Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted alias file.

Sat, 12 Sep 09
onecms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7209
Unrestricted file upload vulnerability in the add2 action in a_upload.php in OneCMS 2.4, and possibly earlier, allows remote attackers to execute arbitrary code by uploading a file with an executable extension and using a safe content type such as image/gif, then accessing it via a direct request to the file in an unspecified directory.

Sat, 12 Sep 09
onecms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7208
Multiple SQL injection vulnerabilities in OneCMS 2.4, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) username parameter ($usernameb variable) to a_login.php or (2) user parameter to staff.php.

Sat, 12 Sep 09
rivettracker
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7207
RivetTracker before 1.0 stores passwords in cleartext in config.php, which allows local users to discover passwords by reading config.php.

Sat, 12 Sep 09
elog_web_logbook
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7206
Unspecified vulnerability in Electronic Logbook (ELOG) before 2.7.2 has unknown impact and attack vectors when the "logbook contains HTML code," probably cross-site scripting (XSS).

Sat, 12 Sep 09
virtuemart
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7205
Unspecified vulnerability in the product view functionality in VirtueMart 1.0.13a and earlier allows remote attackers to read arbitrary files via vectors related to a template file.

Sat, 12 Sep 09
virtuemart
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7204
Cross-site request forgery (CSRF) vulnerability in VirtueMart 1.0.13a and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

Sat, 12 Sep 09
counter-strike
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7203
Valve Software Half-Life Counter-Strike 1.6 allows remote attackers to cause a denial of service (crash) via multiple crafted login packets.

Fri, 11 Sep 09
portalxp
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3148
Multiple SQL injection vulnerabilities in PortalXP Teacher Edition 1.2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) calendar.php, (2) news.php, and (3) links.php; and the (4) assignment_id parameter to assignments.php.

Fri, 11 Sep 09
reviewpost_php_pro
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3147
Cross-site scripting (XSS) vulnerability in showproduct.php in ReviewPost Pro vB3 allows remote attackers to inject arbitrary web script or HTML via the date parameter.

Fri, 11 Sep 09
articlefriend_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3146
Cross-site scripting (XSS) vulnerability in search_advance.php in ArticleFriend Script allows remote attackers to inject arbitrary web script or HTML via the SearchWd parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Fri, 11 Sep 09
silc_client, silc_toolkit
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3051
Multiple format string vulnerabilities in lib/silcclient/client_entry.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client before 1.1.8, allow remote attackers to execute arbitrary code via format string specifiers in a nickname field, related to the (1) silc_client_add_client, (2) silc_client_update_client, and (3) silc_client_nickname_format functions.

Fri, 11 Sep 09
openwebmail
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7202
Multiple cross-site scripting (XSS) vulnerabilities in OpenWebMail before 2.53 (Stable) allow remote attackers to inject arbitrary web script or HTML via unknown vectors.

Fri, 11 Sep 09
mss485-t
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7201
Lantronix MSS485-T allows remote attackers to cause a denial of service (unstable performance and service loss) via certain vulnerability scans, as demonstrated using (1) Nessus and (2) nmap.

Fri, 11 Sep 09
deliantra
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7200
Double free vulnerability in Deliantra server engine before 2.4 has unknown impact and attack vectors.

Fri, 11 Sep 09
fl_il_24_bk-pac
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7199
Phoenix Contact FL IL 24 BK-PAC allows remote attackers to cause a denial of service (hang) via (1) unspecified manipulations as demonstrated by a Nessus scan or (2) malformed input to TCP port 502.

Fri, 11 Sep 09
phpns
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7198
Multiple unspecified vulnerabilities in phpns before 2.1.1beta1 have unknown impact and attack vectors.

Fri, 11 Sep 09
g15daemon
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7197
Multiple unspecified vulnerabilities in G15Daemon before 1.9.4 have unknown impact and attack vectors.

Fri, 11 Sep 09
metashell
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7196
Unspecified vulnerability in metashell before 0.03 has unknown impact and attack vectors related to a "PATH execution security flaw," possibly an untrusted search path vulnerability.

Fri, 11 Sep 09
interstage_application_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7195
Unspecified vulnerability in Fujitsu Interstage HTTP Server, as used in Interstage Application Server Enterprise Edition 7.0.1 for Solaris, allows attackers to cause a denial of service via unknown vectors related to SSL.

Fri, 11 Sep 09
interstage_application_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7194
Unspecified vulnerability in Fujitsu Interstage HTTP Server, as used in Interstage Application Server 5.0, 7.0, 7.0.1, and 8.0.0 for Windows, allows attackers to cause a denial of service via a crafted request.

Fri, 11 Sep 09
p-330w_router
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6730
Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in the ZyXEL P-330W router allow remote attackers to hijack the authentication of administrators for requests that (1) enable remote router management via goform/formRmtMgt or (2) modify the administrator password via goform/formPasswordSetup.

Fri, 11 Sep 09
p-330w_router
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6729
Cross-site scripting (XSS) vulnerability in the web management interface in the ZyXEL P-330W router allows remote attackers to inject arbitrary web script or HTML via the pingstr parameter and other unspecified vectors.

Wed, 9 Sep 09
surgemail
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7182
Buffer overflow in the IMAP service in NetWin Surgemail 3.9e, and possibly other versions before 3.9g2, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long first argument to the APPEND command, a different vector than CVE-2008-1497 and CVE-2008-1498. NOTE: due to lack of details, it is not certain whether this is the same issue as CVE-2008-2859.

Wed, 9 Sep 09
butterfly_organizer
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7181
Butterfly Organizer 2.0.0 allows remote attackers to (1) delete arbitrary categories via a modified tablehere parameter to category-delete.php with the is_js_confirmed parameter set to 1, or (2) delete arbitrary accounts via the mytable parameter to delete.php.

Wed, 9 Sep 09
telephone_directory_2008
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7180
del_query1.php in Telephone Directory 2008 allows remote attackers to delete arbitrary contacts via a direct request with a modified id variable.

Wed, 9 Sep 09
otmanager_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7179
OTManager CMS 2.4 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN_Hora, ADMIN_Logado, and ADMIN_Nome cookies to certain values, as reachable in Admin/index.php.

Wed, 9 Sep 09
uploader
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7178
Directory traversal vulnerability in Uploader module 1.1 for XOOPS allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a downloadfile action to index.php.

Wed, 9 Sep 09
nasm
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7177
Buffer overflow in the listing module in Netwide Assembler (NASM) before 2.03.01 has unknown impact and attack vectors, a different vulnerability than CVE-2008-2719.

Wed, 9 Sep 09
facil_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7176
Multiple directory traversal vulnerabilities in Facil CMS 0.1RC allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) change_lang parameter to index.php or (2) modload parameter to modules.php.

Wed, 9 Sep 09
nextgen_gallery
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7175
Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in NextGEN Gallery 0.96 and earlier plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the picture description field in a page edit action.

Wed, 9 Sep 09
internet_connectivity_kit
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7174
Multiple buffer overflows in the Jura Internet Connection Kit for the Jura Impressa F90 coffee maker allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors related to improper use of the gets and sprintf functions.

Wed, 9 Sep 09
internet_connectivity_kit
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7173
The Jura Internet Connection Kit for the Jura Impressa F90 coffee maker does not properly restrict access to privileged functions, which allows remote attackers to cause a denial of service (physical damage), modify coffee settings, and possibly execute code via a crafted request. NOTE: this issue is being included in CVE because the denial of service may include financial loss or water damage.

Wed, 9 Sep 09
lightweight_news_portal
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7172
Lightweight news portal (LNP) 1.0b does not properly restrict access to administrator functionality, which allows remote attackers to gain administrator privileges via direct requests to admin.php with the (1) potd_delete, (2) potd, (3) vote_update, (4) vote, or (5) modifynews actions.

Wed, 9 Sep 09
lightweight_news_portal
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7171
Multiple cross-site scripting (XSS) vulnerabilities in Lightweight news portal (LNP) 1.0b allow remote attackers to inject arbitrary web script or HTML via the (1) photo parameter to show_photo.php, (2) potd parameter to show_potd.php, or (3) the Current question field in a vote action to admin.php.

Wed, 9 Sep 09
gsc
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7170
GSC build 2067 and earlier relies on the client to enforce administrator privileges, which allows remote attackers to execute arbitrary administrator commands via a crafted packet.

Wed, 9 Sep 09
com_jabode
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7169
SQL injection vulnerability in Jabode horoscope extension (com_jabode) for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a sign task to index.php.

Wed, 9 Sep 09
CVE-2008-7168 (uusee, uuupgrade.ocx)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7168
Insecure method vulnerability in the UUSee UUUpgrade ActiveX control (UUUpgrade.ocx 3.0.2.12) allows remote attackers to force the download and overwrite of arbitrary files via crafted arguments to the Update method, as exploited in the wild in June 2009.

Wed, 9 Sep 09
page_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7167
Unrestricted file upload vulnerability in upload.php in Page Manager 2006-02-04 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.

Sat, 5 Sep 09
iis
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2521
Stack consumption vulnerability in the FTP server in Microsoft Internet Information Server (IIS) 5.0 and 6.0 allows remote authenticated users to cause a denial of service (crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot).

Sat, 5 Sep 09
bittorrent, utorrent
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7166
Buffer overflow in the web interface in BitTorrent 6.0.1 (build 7859) and earlier, and uTorrent 1.7.6 (build 7859) and earlier, allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted Range header. NOTE: this is probably a different vulnerability than CVE-2008-0071 and CVE-2008-0364.

Sat, 5 Sep 09
gate2_plus_wi-fi
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7165
Cross-site request forgery in cp06_wifi_m_nocifr.cgi in the administrator panel in TELECOM ITALIA Alice Gate2 Plus Wi-Fi allows remote attackers to hijack the authentication of administrators for requests that disable Wi-Fi encryption via certain values for the wlChannel and wlRadioEnable parameters.

Sat, 5 Sep 09
shareaza
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7164
Multiple unspecified vulnerabilities in Shareaza before 2.3.1.0 have unknown impact and attack vectors related to "very important security fixes," possibly involving update notifications and a domain that is no longer controlled by the vendor.

Sat, 5 Sep 09
sinecms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7163
Directory traversal vulnerability in mods/Integrated/index.php in SineCMS 2.3.5 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the sine[config][index_main] parameter.

Sat, 5 Sep 09
hero_super_player_3000
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7162
Buffer overflow in Hero Super Player 3000 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename in a .M3U file. NOTE: this might be related to CVE-2008-4504.

Sat, 5 Sep 09
fortigate-1000
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7161
Fortinet FortiGuard Fortinet FortiGate-1000 3.00 build 040075,070111 allows remote attackers to bypass URL filtering via fragmented GET or POST requests that use HTTP/1.0 without the Host header. NOTE: this issue might be related to CVE-2005-3058.

Thu, 3 Sep 09
vmware_studio
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2968
Directory traversal vulnerability in a support component in the web interface in VMware Studio 2.0 public beta before build 1017-185256 allows remote attackers to upload files to arbitrary locations via unspecified vectors.

Thu, 3 Sep 09
qt
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2700
src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Thu, 3 Sep 09
CVE-2009-0201 (openoffice.org)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0201
Heap-based buffer overflow in OpenOffice.org (OOo) before 3.1.1 might allow remote attackers to execute arbitrary code via unspecified records in a crafted Word document, related to "table parsing."

Thu, 3 Sep 09
CVE-2009-0200 (openoffice.org)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0200
Integer underflow in OpenOffice.org (OOo) before 3.1.1 might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow.

Thu, 3 Sep 09
footprints
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7158
Numara FootPrints 7.5a through 7.5a1 and 8.0 through 8.0a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) transcriptFile parameter to MRcgi/MRchat.pl or (2) LOADFILE parameter to MRcgi/MRABLoad2.pl. NOTE: some of these details are obtained from third party information.

Thu, 3 Sep 09
ekinboard
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7157
Unrestricted file upload vulnerability in EkinBoard 1.1.0 and earlier allows remote attackers to execute arbitrary code by uploading an avatar file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in uploaded/avatars/.

Thu, 3 Sep 09
ekinboard
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7156
EkinBoard 1.1.0 and earlier, when register_globals is enabled, allows remote attackers to bypass authorization and gain administrator privileges by setting the _groups[] parameter to 2, as demonstrated via backup.php.

Thu, 3 Sep 09
netrisk
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7155
NetRisk 1.9.7 does not properly restrict access to admin/change_submit.php, which allows remote attackers to change the password of arbitrary users via a direct request.

Thu, 3 Sep 09
docebo
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7154
Docebo 3.5.0.3 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) class/class.conf_fw.php, (2) class.module/class.event_manager.php, (3) lib/lib.domxml5.php, or (4) menu/menu_over.php in doceboCore/; or (5) class/class.conf_cms.php, (6) lib/lib.compose.php, (7) modules/chat/teleskill.php, or (8) class/class.admin_menu_cms.php in doceboCms/; which reveals the installation path in an error message.

Thu, 3 Sep 09
docebo
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7153
SQL injection vulnerability in the autoDetectRegion function in doceboCore/lib/lib.regset.php in Docebo 3.5.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Accept-Language HTTP header. NOTE: this can be leveraged to execute arbitrary PHP code using the INTO DUMPFILE command.

Thu, 3 Sep 09
dnsmasq
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2958
The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TFTP read (aka RRQ) request with a malformed blksize option.

Thu, 3 Sep 09
dnsmasq
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2957
Heap-based buffer overflow in the tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, might allow remote attackers to execute arbitrary code via a long filename in a TFTP packet, as demonstrated by a read (aka RRQ) request.

Wed, 2 Sep 09
CVE-2008-7141 (@lex_poll)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7141
Cross-site scripting (XSS) vulnerability in setup.php in @lex Poll 2.1 allows remote attackers to inject arbitrary web script or HTML via the language_setup parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Wed, 2 Sep 09
CVE-2008-7140 (@lex_guestbook)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7140
Multiple cross-site scripting (XSS) vulnerabilities in @lex Guestbook 4.0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) language_setup parameter to setup.php or (2) test parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: a third party has reported that the test parameter is not used in @lex Guestbook.

Wed, 2 Sep 09
eye-fi_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7139
Multiple cross-site request forgery (CSRF) vulnerabilities in WS-Proxy in Eye-Fi 1.1.2 allow remote attackers to hijack the authentication of users for requests that modify configuration via a SOAPAction parameter of (1) urn:SetOptions for autostart, (2) urn:SetDesktopSync for file upload, or (3) urn:SetFolderConfig for file download location or modification of authentication credentials; and (4) urn:AddNetwork for adding an arbitrary Service Set Identifier (SSID) to hijack the image upload.

Wed, 2 Sep 09
eye-fi_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7138
The Manager in Eye-Fi 1.1.2 generates predictable snonce values based on the time of day, which allows remote attackers to bypass authentication and upload arbitrary images by guessing the snonce.

Wed, 2 Sep 09
eye-fi_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7137
WS-Proxy in Eye-Fi 1.1.2 allows remote attackers to cause a denial of service (crash) via an empty query string to port 59278 and other unspecified vectors.

Wed, 2 Sep 09
icq_toolbar
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7136
toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers to cause a denial of service (toolbar crash) via a long argument to the (1) RequestURL, (2) GetPropertyById, or (3) SetPropertyById method, different vectors than CVE-2008-7135.

Wed, 2 Sep 09
icq_toolbar
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7135
toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers to cause a denial of service (toolbar crash) via a long argument to the IsChecked method, a different vector than CVE-2008-7136.

Wed, 2 Sep 09
download_center
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7134
Multiple cross-site scripting (XSS) vulnerabilities in the default URI in Chris LaPointe RedGalaxy Download Center 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter, (2) message parameter in a login action, (3) category parameter in a browse action, (4) now parameter, or (5) search parameter in a search_results action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Wed, 2 Sep 09
easyimagecatalogue
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7133
Multiple cross-site scripting (XSS) vulnerabilities in onlinetools.org EasyImageCatalogue 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) search and (2) d parameters to index.php, (3) dir parameter to thumber.php, and the d parameter to (4) describe.php and (5) addcomment.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Wed, 2 Sep 09
nuked-klan
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7132
Cross-site scripting (XSS) vulnerability in index.php in Nuked-Klan 1.3 beta allows remote attackers to inject arbitrary web script or HTML via the nuked_nude parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Tue, 1 Sep 09
maxthon_browser
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3018
Maxthon Browser 3.0.0.145 Alpha with Ultramode does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2) entering a javascript: URI when specifying the content of a Refresh header, (3) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, or (4) entering a data:text...

Tue, 1 Sep 09
orca_browser
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3017
Orca Browser 1.2 build 5 does not properly block data: URIs in Refresh and Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header, (3) injecting a Location header that contains JavaScript sequences in a data:text/html ...

Tue, 1 Sep 09
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3016
Apple Safari 4.0.3 does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2) entering a javascript: URI when specifying the content of a Refresh header, (3) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, or (4) entering a data:text/html URI with JavaScript se...

Tue, 1 Sep 09
qtweb
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3015
QtWeb 3.0 Builds 001 and 003 does not properly block javascript: and data: URIs in Refresh and Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2) entering a javascript: URI when specifying the content of a Refresh header, (3) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, (4) entering a data:text/html UR...

Tue, 1 Sep 09
firefox, mozilla, seamonkey
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3014
Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly handle javascript: URIs in HTML links within 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location HTTP response header or (2) specifying the content of a Location HTTP response header.

Tue, 1 Sep 09
opera_browser
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3013
Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header. NOTE: the JavaScript executes outside of the context of the HTTP s...

Tue, 1 Sep 09
firefox
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3012
Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header. NOTE: the JavaScript executes outside of the contex...

Tue, 1 Sep 09
chrome
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3011
Google Chrome 1.0.154.48 and earlier, 2.0.172.28, 2.0.172.37, and 3.0.193.2 Beta does not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. NOTE: the JavaScript executes outside of ...

Tue, 1 Sep 09
firefox, mozilla, seamonkey
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3010
Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. NOTE: i...

Tue, 1 Sep 09
db2_monitoring_console
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7131
Unspecified vulnerability in DB2 Monitoring Console 2.2.4 and earlier allows remote attackers to gain access to a database via a link to a victim who is already connected to the database.

Tue, 1 Sep 09
db2_monitoring_console
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7130
Unspecified vulnerability in DB2 Monitoring Console 2.2.4 and earlier allows remote attackers to upload arbitrary files via unknown vectors.

Tue, 1 Sep 09
xyssl
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7129
XySSL before 0.9 allows remote attackers to cause a denial of service (infinite loop) via an X.509 certificate that does not pass the RSA signature check during verification.

Tue, 1 Sep 09
xyssl
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7128
The ssl_parse_client_key_exchange function in XySSL before 0.9 does not protect against certain Bleichenbacher attacks using chosen ciphertext, which allows remote attackers to recover keys via unspecified vectors.

Tue, 1 Sep 09
visibroker
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7127
osagent.exe in Borland VisiBroker Smart Agent 08.00.00.C1.03 and earlier allows remote attackers to cause a denial of service (crash) via a crafted packet with a large string length value to UDP port 14000, which triggers a memory allocation failure that is not properly handled.

Tue, 1 Sep 09
visibroker
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7126
Integer overflow in osagent.exe in Borland VisiBroker Smart Agent 08.00.00.C1.03 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet with a large string length value to UDP port 14000, which triggers a heap-based buffer overflow.

Tue, 1 Sep 09
ariadne_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7125
pphoto in Ariadne before 2.6 allows remote authenticated users with certain privileges to execute arbitrary shell commands via vectors related to PINP programs and the annotate command. NOTE: some of these details are obtained from third party information.

Tue, 1 Sep 09
zkup
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7124
zKup CMS 2.0 through 2.3 does not require administrative authentication for admin/configuration/modifier.php, which allows remote attackers to gain administrator privileges via a direct request, as demonstrated by adding a new administrator.

Tue, 1 Sep 09
zkup
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7123
Static code injection vulnerability in admin/configuration/modifier.php in zKup CMS 2.0 through 2.3 allows remote attackers to inject arbitrary PHP code into fichiers/config.php via a null byte (%00) in the login parameter in an ajout action, which bypasses the regular expression check.

Tue, 1 Sep 09
registry_pro
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7122
Multiple insecure method vulnerabilities in an ActiveX control (epRegPro.ocx) in Evans Programming Registry Pro allow remote attackers to read and modify sensitive registry keys via the (1) About, (2) CreateKey, (3) DeleteBranch, (4) DeleteKey, (5) DeleteValue, (6) EnumKeys, (7) EnumValues, (8) QueryType, (9) QueryValue, (10) RenameKey, and (11) SetValue methods.

© amigura.co.uk All Rights Reserved.